Robert Half International New York Technology Consulting Security & Privacy (Penetration Testing) Senior Consultant in NEW YORK CITY, New York

At Protiviti, we believe that a career is about more than just working, providing deliverables, and being compensated for your efforts. A Protiviti Career is about opportunities to lead, learn, grow, and make a difference.

We strive to recruit and hire the best talent. But it doesn't stop there. Once you join us, we build your career through exceptional work experiences, a culture focused on learning and development, and a commitment to the things that matter to you.

Are you inspired to make a difference?

You've come to the right place.

JOB REQUISITION

New York Technology Consulting Security & Privacy (Penetration Testing) Senior Consultant

LOCATION

NEW YORK CITY

ADDITIONAL LOCATION

JOB DESCRIPTION

The penetration tester is responsible for delivering high-value information security and privacy solutions that address the growing need for businesses to secure and protect their sensitive data and critical resources. The penetration tester is responsible for conducting security assessments that include:

  • External/Internal Vulnerability Assessment and Penetration testing

  • Web Application Testing

  • Social Engineering

  • Wireless Security Assessment

  • Network Device Configuration Review

Security assessments span a wide range of industries and focus on mapping client networks and identifying and exploiting potential security vulnerabilities, including but not limited to access control issues, buffer overflows, SQL injection, cross-site scripting, local/remote file inclusion, privilege escalation, and phishing emails, to break into and compromise the client's network in order to exfiltrate data, all while circumventing security operations monitoring and controls.

RESPONSIBILITIES

  • Assessing clients’ network security posture through the use of automated tools and manual techniques to identify and verify common security vulnerabilities

  • Using creative approaches to identify vulnerabilities that are commonly missed in security assessments

  • Exploiting vulnerabilities and identifying specific, meaningful risks to clients based on industry and business focus

  • Performing complex wireless attacks both against wireless clients and access points

  • Using social engineering techniques to obtain sensitive information, network access and physical access to client sites

  • Assessing physical security controls by lock picking, camera evasion, tailgating, dumpster diving and other evasive techniques

  • Executing opportunistic, blended and chained attack scenarios that combine multiple weaknesses to compromise client environments

  • Creating comprehensive assessment reports that clearly identify root cause and remediation strategies

  • Communicating strengths and weaknesses to the client or internal project management team and developing effective solutions.

  • Improving methodologies, toolsets and offerings through collaborative development work and by updating team documentation

  • Providing support in the ongoing development of security assessment offerings through tool creation and process improvement

EDUCATIONAL & PROFESSIONAL CREDENTIALS

  • Bachelor’s Degree (B.S.) from a four-year college or university in Computer Science, Engineering, Networking or Information Assurance or related area of study

  • OSCP, OSCE, GIAC, CISSP certifications strongly preferred

  • Minimum 3 years of Information Security experience strongly preferred

  • Minimum 3 years of practice specific experience strongly preferred

REQUIRED KNOWLEDGE & SKILLS

  • Ability to quickly learn new concepts and skills.

  • Excellent interpersonal skills to interact in a team environment and foster client relationships.

  • Strong analytical and problem-solving skills.

  • Advanced verbal and written communication skills including documentation of findings and recommendations.

  • Strong listening skills to discern the best course of action for our clients.

BENEFICIAL TECHNICAL KNOWLEDGE & SKILLS

  • Experience performing Security Assessment work (vulnerability, penetration tests, web application, wireless security and social engineering) for at least the past year strongly preferred

  • Demonstrated ability to deliver projects using well-defined methodology across various security assessment disciplines including:

      • Network Vulnerability Assessments

      • Penetration Tests

      • Wireless Network Security Assessments

      • Social Engineering (Telephony, onsite and remote pre-texting, spear phishing, etc.)

      • Physical Security Assessments (Tailgating, lock picking, camera evasion, dumpster diving, etc.)

      • VoIP Security & War Dialing

      • Product/Hardware Security Assessments

      • Web application Vulnerability Assessments (SQLi, XSS, Session management issues, etc.)

  • Ability to combine multiple separate findings to identify complex blended vulnerabilities that would not be exploitable as a result of a single weakness required

  • Ability to identify, describe and report vulnerabilities and standard remediation activities, to include clear demonstration of risk to clients through post-exploitation activities required

  • Experience with commercial and open source security tools required (e.g. Nessus, Nexpose, SAINT, Qualys, Burp, Nmap, Kali, Metasploit, Meterpreter, Wireshark, Kismet, Aircrack-ng, etc.)

  • Familiarity with various network architectures, network services, system types, network devices, development platforms and software suites required (e.g. Linux, Windows, Cisco, Oracle, Active Directory, JBoss, .NET, etc.)

  • Demonstrated ability to create comprehensive assessment reports required

  • Ability to convey complex technical security concepts to technical and non-technical audiences including executives required

  • Passion for creating tools and automation to make common tasks more efficient

  • Knowledge of programming and scripting for development of security tools

  • Recognition in the security community for speaking preferred

  • Published white papers preferred

  • Strong programming skills (Python, Ruby, Node.js, C/C++, Assembly, etc.) preferred

  • Reverse engineering/Binary analysis experience (firmware, x86 applications, etc.) preferred

ABILITY TO TRAVEL

  • The position requires up to 60% out-of-town travel to client locations

Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

For all US & Canada Postings: You may submit your application materials online or call 1.888.556.7420 for additional ways to apply. Protiviti is an Equal Opportunity Employer. M/F/Disability/Veteran

JOB LOCATION

NY PRO NEW YORK CITY

Protiviti is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and our independently owned Member Firms provide consulting solutions in finance, technology, operations, data, analytics, governance, risk and internal audit to our clients through our network of more than 70 offices in over 20 countries. For the third consecutive year, Protiviti was named to the Fortune 100 Best Companies to Work For® list.

We have served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.