Friday, March 2, 2012

[itroundtable] LEAD: Sr Attack & Penetration Cnsltnt - NYC - to 160k

 

POSITION:    Senior Attack & Penetration Consultant – Security & Privacy Solutions / Technology Risk

REPORTS TO:     Technology Risk Manager

LOCATION:    New York, NY

                                                                                                                                               

My client is the leading international provider of independent internal audit, business and technology risk consulting services. My client helps companies identify, measure, and manage operational and technology-related risks they face within their business, their systems and processes. We help our clients seize new opportunities for growth and profitability while managing their business and technology risks. 

Independence means objective, unfettered advice delivered in the best interests of our clients. We work with 22% of the Fortune 1000 companies in industries such as financial services and real estate, media, hospitality and communication, manufacturing, distribution and technology, consumer products and retail, government, education and not-for-profit. In just over 5 years, my client has established itself as the leader in the marketplace, with over 50 offices in North America, Europe, Asia and Australia.

 

Information Technology Security Services

My client's Information Security services help companies identify, analyze, and mitigate risks, automate controls and standardize information security processes.  My client's deep expertise in Information Security can help ensure the integrity, reliability and performance of these processes.

 

The following statements are intended to describe the general nature and level of work being performed. This is not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel.

 

JOB DESCRIPTION

 

OVERALL RESPONSIBILITY

The Senior Consultant has primary responsibility for direct supervision of Consultants in developing and executing Information Security project work plans. The Senior Consultant has direct, client-facing engagement responsibilities. Serving as both role model and trainer, the Senior Consultant demonstrates the attributes of excellent client service and assists team members in developing technical and professional competency. The Senior Consultant learns to identify areas of IT risk and opportunities to improve information security and business processes.

 

SPECIFIC RESPONSIBILITIES

  • Reviewing, documenting, evaluating and testing Information Security based controls in a wide range of environments including Windows, Linux, mainframe, mid-range and client server.  IT control procedures address IS organization and administration practices, system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures;
  • Reviewing information system architecture and security controls, including but not limited to firewall and border router configurations, operating system configurations, wireless architectures, databases, and information security policies and procedures;

  • Execute internal and external Network Attack and Penetration, and vulnerability assessments. This entails impersonating an authorized client person to obtain physical access to the client facilities (social engineering), identifying internal information assets, assessing and exploiting threats and vulnerabilities. Additionally, assist client management in performing root cause analysis and prioritizing identified vulnerabilities, and in developing action plans to address these areas;

  • Perform Web Applications security reviews utilizing automated scanners such as WebInspect and Nikto, and manual exploits such as cross-site scripting, SQL injections, and buffer overflows to obtain business critical data, i.e. credit card information;
  • Assists with the administration of Project Setups, Billing, Reconciling Job Summaries, Recruiting and New Business Development;
  • Communicating IT control strengths and weaknesses to the client or internal audit engagement team and developing effective solutions;
  • Ensure timely completion of assigned project phases;
  • Develop and maintain effective client relationships;
  • Apply understanding of my client's policies and proficiency in my client's methodologies;
  • Apply understanding of business processes and technical skills to successful completion of project assignments;
  • Develop understanding of project requirements and client's business;
  • Supervise and train project personnel;
  • Preparing audit reports on findings and recommendations to senior management;
  • Demonstrate consistency in values, principles and work ethics.

ABILITY TO TRAVEL

  • The position requires up to 40% of out-of-town travel to client work sites.

 

EDUCATIONAL & PROFESSIONAL CREDENTIALS REQUIRED

  • Bachelor's degree in relevant discipline (Computer Information Systems, Information System Technologies, Management Information Systems);
  • Minimum GPA 3.0;
  • 3+ years in a related field, preferably in professional services and/or industry.

 

EDUCATIONAL & PROFESSIONAL CREDENTIALS PREFERRED

  • Professional certifications such as CISSP, CISM, GSEC, GIAC are strongly preferred (required for advancement to Manager-level position);
  • Consulting experience in Information Security, particularly in vulnerability assessments, penetration testing, security architecture reviews, web application security reviews, and wireless security assessments.

 

REQUIRED KNOWLEDGE & SKILLS

  • Project management skills;
  • Working proficiency in information security tools such as Nessus, Kismet, Airsnort, NMAP, Ethereal, etc;
  • Interpersonal skills to interact in team environment and foster client relationships;
  • Supervisory skills;
  • Understanding of the importance of business ethics;
  • Sound job administration skills;
  • Above average written communication skills including documentation of findings and recommendations;
  • Analytical skills;
  • Must be able to handle highly confidential information in a strictly professional manner;
  • Must be able to maintain professional demeanor in times of high stress.

 

REQUIRED TECHNICAL KNOWLEDGE & SKILLS

  • A diverse skill base in both Information Systems and Information Security;
  • Attack and Penetration testing of Web-based applications;
  • Manual Attack and Penetration testing experience above and beyond running automated tools is a plus;
  • Experience with application source code review assessments is a plus;
  • 1 – 2 years of experience in one or more of the following Operating Environments is a plus: Windows Server 2003/2000/NT, Linux and UNIX;
  • 1 – 2 years of experience in one or more of the following Database Environments is a plus: Microsoft SQL Server, Oracle, Sybase, DB2 and MySQL;
  • 1 – 2 years of experience in TCP/IP Networking is a plus;
  • Experience with programming languages such as Java, C, C++, C#, and .NET is a plus.

CONTINUING EDUCATION & OPPORTUNITIES

  • All employees, throughout their career with my client, have the opportunity to be involved in our Training Programs, Mentoring Program and Incentive Compensation Program.

Resumes to Janelle@razzinoassociates.com

 

 

MIS Ntwk Assoc Mtg Dates:

Mar 6th - Tues Reg Mtg - 6 pm - Berman Larson Kane Offices, Paramus - DO NOT use GPS for directions - Get dir from BLK site - Bring 15 copies of your resume

Mar 27th Tues Dinner Mtg - Totowa - Eli Amdur will be the spkr - subject TBD
