Job Details

  • Title: Security Operations and Threat Management Services Consultant
  • Code: RCI-2449
  • Location:
  • Posted Date: 07/28/2020
  • Duration: 6 Months
Talk to our Recruiter

  Job Description

Security Operations and Threat Management Services Consultant

  • Perform manual penetration tests of websites, services, infrastructure and networks to discover and exploit vulnerabilities.
  • Collaborate with other penetration testers and Cyber Defense team members across the globe.
  • Clearly document and communicate findings and remediation recommendations to the application/service owners.
  • Partner with the Incident Response and SOC teams to operationalize new detection concepts.

Detailed Role Description(s):

  • Work with key Client Security team and provide Security Operations and Threat Management Services support as requested;
  • Work with key Client Security team and their internal application and product stakeholders to scope the application and network assessment, discuss logistics of the testing and request necessary access and other details to commence the testing.
  • Ensure that the application has been categorized appropriately and discuss the efforts and the time required to thoroughly test the application / network in-scope. In the event that the application has been categorized incorrectly, A&M personnel will work with the Client stakeholders in re-categorizing the application.
  • Document and validate the findings from the testing to reduce false positives;
  • Drive the findings discussion with Client and/or application stakeholders and manage the results of the assessment;
  • Provide documentation and reporting support based on the confirmed findings and provide advisory support for remediation efforts

Skills:

  • Understanding of web-based security vulnerabilities, ability to identify and exploit them (e.g. XSS, CSRF, SQLi, session management issues, etc.)
  • Prior experience in web development.
  • Experience in CTF competitions or Bug Bounty programs.
  • Experience in Internet of Things (IoT) security and exploitation.
  • Experience in mobile (iOS/Android) application development/assessment.
  • Ability to provide customer-facing support in a professional manner
  • Certifications: OSCP, OSCE, OSWE, GPEN, GXPN, GWAPT