Required Experience:

  • 6+ years of security assessment and/or security engineering experience
  • Specific expertise in security engineering related to the architecture utilized by ISPs and other commercial service providers desired
  • Experience with malware analysis and reverse engineering desired
  • Experience performing and leading advanced assessments related to physical and virtual network devices, applications, source code, databases, middleware and host security
  • Hands-on experience with commercial tools commonly used to perform security assessments (e.g., Metasploit, Nessus, Nexpose, Core Impact, WebInspect, Burp, Fortify, Retina, AppDetective, Netsparker, etc.)
  • Strong knowledge of common attack techniques (e.g., SQL injection, fuzzing, parameter manipulation)
  • Experience conducting analysis of electronic media, packet capture, log data and network devices in support of intrusion analysis or enterprise level information security operations
  • Experience building and testing reference architectures
  • Expertise consulting with stakeholders to define needs, develop requirements and analyze findings to advise and recommend solutions
  • Excellent communication, written, and presentation skills with the ability to present to a variety of external audiences, including senior executives

Duties:

  • Perform network vulnerability assessments and penetration testing as requested; testing may also include application assessments, threat analysis, wireless network assessments and social engineering
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Effectively communicate findings and strategy to customer stakeholders, including technical staff, executive leadership and legal counsel
  • Recognize and safely utilize vulnerability assessment tools as well as attacker tools, tactics and procedures
  • Develop scripts, tools or methodologies to enhance the vulnerability assessment and penetration testing processes
  • Lead security assessments from kickoff through remediation, and mentoring less experienced staff when and where necessary

Educational Experience:

A Bachelor’s Degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline is preferred.

One of the desired certifications: GCIA CPT: Certified Penetration Tester, GCIA CEPT: Certified Expert Penetration Tester, GCIA GPEN: GIAC Certified Penetration Tester, OSCP: Offensive Security Certified Professional

To apply for this job email your details to shruthi@esystems-inc.com