Robert Half International New York Technology Consulting Security & Privacy (Penetration Testing) Senior Consultant in NEW YORK CITY, New York
At Protiviti, we believe that a career is about more than just working, providing deliverables, and being compensated for your efforts. A Protiviti Career is about opportunities to lead, learn, grow, and make a difference.
We strive to recruit and hire the best talent. But it doesn't stop there. Once you join us, we build your career through exceptional work experiences, a culture focused on learning and development, and a commitment to the things that matter to you.
Are you inspired to make a difference?
You've come to the right place.
New York Technology Consulting Security & Privacy (Penetration Testing) Senior Consultant
NEW YORK CITY
The penetration tester is responsible for delivering high-value information security and privacy solutions that address the growing need for businesses to secure and protect their sensitive data and critical resources. The penetration tester is responsible for conducting security assessments that include:
External/Internal Vulnerability Assessment and Penetration testing
Web Application Testing
Wireless Security Assessment
Network Device Configuration Review
Security assessments span a wide range of industries and focus on mapping client networks and identifying and exploiting potential security vulnerabilities, including but not limited to access control issues, buffer overflows, SQL injection, cross-site scripting, local/remote file inclusion, privilege escalation, and phishing emails, to break into and compromise the client's network in order to exfiltrate data, all while circumventing security operations monitoring and controls.
Assessing clients’ network security posture through the use of automated tools and manual techniques to identify and verify common security vulnerabilities
Using creative approaches to identify vulnerabilities that are commonly missed in security assessments
Exploiting vulnerabilities and identifying specific, meaningful risks to clients based on industry and business focus
Performing complex wireless attacks both against wireless clients and access points
Using social engineering techniques to obtain sensitive information, network access and physical access to client sites
Assessing physical security controls by lock picking, camera evasion, tailgating, dumpster diving and other evasive techniques
Executing opportunistic, blended and chained attack scenarios that combine multiple weaknesses to compromise client environments
Creating comprehensive assessment reports that clearly identify root cause and remediation strategies
Communicating strengths and weaknesses to the client or internal project management team and developing effective solutions.
Improving methodologies, toolsets and offerings through collaborative development work and by updating team documentation
Providing support in the ongoing development of security assessment offerings through tool creation and process improvement
EDUCATIONAL & PROFESSIONAL CREDENTIALS
Bachelor’s Degree (B.S.) from a four-year college or university in Computer Science, Engineering, Networking or Information Assurance or related area of study
OSCP, OSCE, GIAC, CISSP certifications strongly preferred
Minimum 3 years of Information Security experience strongly preferred
Minimum 3 years of practice specific experience strongly preferred
REQUIRED KNOWLEDGE & SKILLS
Ability to quickly learn new concepts and skills.
Excellent interpersonal skills to interact in team environment and foster client relationships.
Strong analytical and problem-solving skills.
Advanced verbal and written communication skills including documentation of findings and recommendations.
Strong listening skills to discern the best course of action for our clients.
BENEFICIAL TECHNICAL KNOWLEDGE & SKILLS
Experience performing Security Assessment work (vulnerability, penetration tests, web application, wireless security and social engineering) for at least the past year strongly preferred
Demonstrated ability to deliver projects using well-defined methodology across various security assessment disciplines including:
Network Vulnerability Assessments
Wireless Network Security Assessments
Social Engineering (Telephony, onsite and remote pre-texting, spear phishing, etc.)
Physical Security Assessments (Tailgating, lock picking, camera evasion, dumpster diving, etc.)
VoIP Security & War Dialing
Product/Hardware Security Assessments
Web application Vulnerability Assessments (SQLi, XSS, Session management issues, etc.)
Ability to combine multiple separate findings to identify complex blended vulnerabilities that would not be exploitable as a result of a single weakness required
Ability to identify, describe and report vulnerabilities and standard remediation activities, to include clear demonstration of risk to clients through post-exploitation activities required
Experience with commercial and open source security tools required (e.g. Nessus, Nexpose, SAINT, Qualys, Burp, NMap, Kali, Metasploit, Meterpreter, Wireshark, Kismet, Aircrack-ng, etc.)
Familiarity with various network architectures, network services, system types, network devices, development platforms and software suites required (e.g. Linux, Windows, Cisco, Oracle, Active Directory, JBoss, .NET, etc.)
Demonstrated ability to create comprehensive assessment reports required
Ability to convey complex technical security concepts to technical and non-technical audiences including executives required
Passion for creating tools and automation to make common tasks more efficient
Knowledge of programming and scripting for development of security tools
Recognition in the security community for speaking preferred
Published white papers preferred
Strong programming skills (Python, Ruby, Node.js, C/C++, Assembly, etc.) preferred
Reverse engineering/Binary analysis experience (firmware, x86 applications, etc.) preferred
ABILITY TO TRAVEL
The position requires up to 60% out-of-town travel to client locations
Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.
For all US & Canada Postings: You may submit your application materials online or call 1.888.556.7420 for additional ways to apply. Protiviti is an Equal Opportunity Employer. M/F/Disability/Veteran
Protiviti is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and our independently owned Member Firms provide consulting solutions in finance, technology, operations, data, analytics, governance, risk and internal audit to our clients through our network of more than 70 offices in over 20 countries. For the third consecutive year, Protiviti was named to the Fortune 100 Best Companies to Work For® list.
We have served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.