Experience Inc. Jobs

Job Information

Sirius Computer Solutions Sr. Security Consultant - Threat Assessment in Kansas City, Missouri

Description

Position Summary:

The Senior Security Consultant will perform project execution and report preparation activities and findings in support of client engagements. The Senior Security Consultant will provide expertise in support of the sales organization and be expected to contribute to practice development by way of process improvements and assistance with new offering development.

Primary Duties & Responsibilities

  • Provides sales team with technical and security expertise in support of business development activities. Participates in sales calls, helps scope projects, provides pricing estimates and creates pre- and post-sales documentation.

  • Receives work assignments and timelines from the Project Manager. Communicates with the Project Manager to keep the PM up to date on project status.

  • Provides clients with consulting services during a contracted engagement. Works within area(s) of expertise (e.g., penetration testing, social engineering testing, framework compliance, etc.).

  • Conducts penetration testing of web and mobile applications. Candidate should be able to perform manual exploitation of identified vulnerabilities.

  • Ability to recognize, explain, document and report vulnerabilities and exploits, describing remediation activities, with the ability to effectively communicate the results, in both technical and layman terms, to the appropriate audience.

  • Executes compliance initiatives including third-party reviews, regulatory reviews and due diligence initiatives.

  • Reviews all findings and recommendations and works with assessment team to determine appropriate actions

  • Understands and identifies business processes specific to the client's environment and the appropriate risk management practices. Makes recommendations for improvement of processes and controls

  • Creates and presents clients with reports detailing methodology, findings, recommendations and remediation activities to increase security within the target environment

  • Builds focused relationships with clients to identify business challenges

  • Makes recommendations to solve client problems

  • Directly interacts with clients, sales team, managers and other technical team members to identify, develop, and obtain complete information for solutions including hardware, software and services, and scope statement and level of effort

  • Documents completed technical work for clients

  • Maintains technical specifications throughout a project

  • Contributes to and develops best practices, strategies, methodologies and documentation/templates suitable for reuse by other Consultants and Analysts

  • Achieves high level of Client Satisfaction on all consulting engagements by executing to achieve client project expectations

  • Develops strong client relationships and trust to secure future business

  • Reviews and understands all assigned Statement of Work (SOW) obligations prior to services delivery

  • Maintains accountability to work estimates and project financials

  • Provides technical perspective to ensure a realistic estimation of scope, cost and level of effort for proposal generation

  • Serves as a point of contact to the client for technical issues and status

  • Mentors less senior personnel and serves as escalation point for their technical related project issues

  • As needed, steps into team leadership roles and empowers others to increase contribution and level of responsibility

  • Complies with all time compliance and time entry guidelines

  • Meets billable utilization targets

  • Training/Certifications - Engages in professional development, including obtaining industry related certifications as directed by management, to maintain continued growth in professional skills and knowledge

  • Administrative Overhead – Responds to email and phone calls and completes time cards, expense reports and status reports in a timely manner, as required

  • Performs other duties as necessary

Position Requirements

Basic Qualifications -

  • Bachelor’s Degree in Telecommunications, Engineering, Computer Science, Management Information Systems, or a related field

  • At least five (5) years Information Technology work experience with one or more Security solutions in the Sirius portfolio, to include:

  • At least three (3) years IT experience performing network penetration testing, social engineering testing, or vulnerability assessments

Other Position Requirements

  • Ability to think creatively when dealing with complex situations and attempting to manipulate and break applications

  • Demonstrated understanding of the OWASP top 10 and experience in discovering, verifying, and exploiting these vulnerabilities.

  • Demonstrated knowledge of and ability to create Proof-of-Concept exploits for the following vulnerabilities:

  • XML External Entity (XXE) Processing

  • Cross Site Scripting (XSS)

  • Injection style vulnerabilities such as SQL Injection (SQLi)

  • Ability to discuss vectors for sensitive data exposure within various web applications frameworks

  • Must be proficient with Burp Suite Professional

  • Demonstrated knowledge of Page Controller and Model View Controller design/architecture and the difference in approach required for testing

  • Demonstrated knowledge of the common approaches to remediating the OWASP top 10

  • Demonstrated knowledge of the OWASP Application Security Verification Standards (ASVS)

  • A working knowledge of Secure SDLC best practices

  • Experience with programming or scripting languages such as Python, PowerShell, Bash, Ruby, Java, XML, SOAP, JSON, AJAX, etc.

  • Experience with exploitation of vulnerabilities identified through the course of testing

  • Proven TCP/IP and packet analysis skills

  • Ability to create project reports to convey complex, technical information clients can understand

  • Demonstrated communication and presentation skills, to include the ability to effectively work with clients in a consulting environment

  • Demonstrated ability to manage multiple projects and timelines

  • Demonstrated ability to perform technical skills/knowledge transfer to client

  • Knowledge of emerging security technologies, software, and methodologies

  • Demonstrated ability to collaborate effectively with a wide variety of client and Sirius team members, including management and technical staff

  • Demonstrated ability to investigate complex problems where analysis of situations or data requires an in-depth evaluation of variable factors from multiple IT solutions and/or disciplines

  • Demonstrated understanding of core business functions of a typical company, and ability to employ step by step logic to solve business problems

  • Experience as a member of a technical project team, from design through delivery

  • Experience troubleshooting and identifying potential problems and making appropriate changes as necessary

  • Experience creating technical documentation

  • Demonstrated ability to work with wide variety of client staff including management and technical staff

  • Demonstrated ability to provide guidance and leadership to less experienced technical team members, including delegating technical tasks, and at times resolving issues of poor technical execution without escalation

  • Demonstrated presentation and communication skills, including effectively communicating one-on-one, and in small and large groups, using a variety of presentation methods to sustain the audiences’ engagement

  • Demonstrated time management and organizational skills; ability to handle multiple tasks simultaneously

  • Demonstrated ability to establish positive working relationships and conduct complex and important work critical to the organization in a team consulting environment

Preferred Qualifications:

  • Consulting experience

  • Experience as a developer and proficiency with .NET or Java

  • A demonstrated understanding of Web Application development

  • Significant experience in development program creation and refinement

  • Experience with secure coding best practices in .NET or Java

  • Experience performing Secure Code Reviews

  • Offensive Security Web Expert (OSWE) Certification

  • Offensive Security Certified Professional (OSCP) Certification

  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Certification

  • GIAC Penetration Tester (GPEN) Certification

  • GIAC Web Application Penetration Tester (GWAPT) Certification

  • ISC2 Certified Information Systems Security Professional

  • Experience or willingness to perform public speaking

  • Knowledge of emerging security technologies, software, and methodologies

Data Privacy and Security:

  • All Sirius employees are responsible to safeguard the information and information systems that they use or handle in the execution of their duties. Employees are obligated to know and perform their duties in accordance with Sirius policies, standards, and procedures related to security and report security violations to the appropriate Sirius authority.

  • Participate at hire and annually in the Information Security Awareness training as well as other required training identified by the Human Resources department. Other data privacy and data security related regulatory training may be required based on your role or assignment.

Essential Functions

The position exists to provide technical consulting solutions to customers and as such requires the ability to travel to and from customer sites and interact with customers on an ongoing and regular basis.

The above primary duties, responsibilities, and position requirements are not all inclusive.

Competencies

Demonstrates competencies defined for the Analyst through Consultant levels, plus the following:

Customer Focus - Gains insight into customer needs. Identifies opportunities that benefit the customer. Builds and delivers solutions that meet customer expectations. Establishes and maintains effective customer relationships.

Financial Acumen - Understands the meaning and implications of key financial indicators. Uses financial analysis to generate, evaluate and act on strategic options and opportunities. Integrates quantitative and qualitative information to draw accurate conclusions.

Cultivates Innovation - Comes up with useful ideas that are new, better, or unique. Introduces new ways of looking at problems. Can take a creative idea and put it into practice. Encourages diverse thinking to promote and nurture innovation.

Plans and Aligns - Sets objectives to align with broader organizational goals. Breaks down objectives into appropriate initiatives and actions. Stages activities with relevant milestones and schedules. Anticipates and adjusts effective contingency plans.

Optimizes Work Processes - Identifies and creates the processes necessary to get work done. Separates and combines activities into efficient workflow. Designs processes and procedures that allow managing from a distance. Seeks ways to improve processes, from small tweaks to complete reengineering.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

DirectEmployers