Sirius Computer Solutions Sr. Security Consultant - Threat Assessment in Kansas City, Missouri
The Senior Security Consultant will perform project execution and report preparation activities and findings in support of client engagements. The Senior Security Consultant will provide expertise in support of the sales organization and be expected to contribute to practice development by way of process improvements and assistance with new offering development.
Primary Duties & Responsibilities
Provides sales team with technical and security expertise in support of business development activities. Participates in sales calls, helps scope projects, provides pricing estimates and creates pre- and post-sales documentation.
Receives work assignments and timelines from the Project Manager. Communicates with the Project Manager to keep the PM up to date on project status.
Provides clients with consulting services during a contracted engagement. Works within area(s) of expertise (e.g., penetration testing, social engineering testing, framework compliance, etc.).
Conducts penetration testing of web and mobile applications. Candidate should be able to perform manual exploitation of identified vulnerabilities.
Ability to recognize, explain, document and report vulnerabilities and exploits, describing remediation activities, with the ability to effectively communicate the results, in both technical and layman terms, to the appropriate audience.
Executes compliance initiatives including third-party reviews, regulatory reviews and due diligence initiatives.
Reviews all findings and recommendations and works with assessment team to determine appropriate actions
Understands and identifies business processes specific to the client's environment and the appropriate risk management practices. Makes recommendations for improvement of processes and controls
Creates and presents clients with reports detailing methodology, findings, recommendations and remediation activities to increase security within the target environment
Builds focused relationships with clients to identify business challenges
Makes recommendations to solve client problems
Directly interacts with clients, sales team, managers and other technical team members to identify, develop, and obtain complete information for solutions including hardware, software and services, and scope statement and level of effort
Documents completed technical work for clients
Maintains technical specifications throughout a project
Contributes to and develops best practices, strategies, methodologies and documentation/templates suitable for reuse by other Consultants and Analysts
Achieves high level of Client Satisfaction on all consulting engagements by executing to achieve client project expectations
Develops strong client relationships and trust to secure future business
Reviews and understands all assigned Statement of Work (SOW) obligations prior to services delivery
Maintains accountability to work estimates and project financials
Provides technical perspective to ensure a realistic estimation of scope, cost and level of effort for proposal generation
Serves as a point of contact to the client for technical issues and status
Mentors less senior personnel and serves as escalation point for their technical related project issues
As needed, steps into team leadership roles and empowers others to increase contribution and level of responsibility
Complies with all time compliance and time entry guidelines
Meets billable utilization targets
Training/Certifications - Engages in professional development, including obtaining industry related certifications as directed by management, to maintain continued growth in professional skills and knowledge
Administrative Overhead – Responds to email and phone calls, and completes time cards, expense reports and status reports in a timely manner as required
Performs other duties as necessary
Basic Qualifications -
Bachelor’s Degree in Telecommunications, Engineering, Computer Science, Management Information Systems, or a related field
At least five (5) years Information Technology work experience with one or more Security solutions in the Sirius portfolio, to include:
At least three (3) years IT experience performing network penetration testing, social engineering testing, or vulnerability assessments
Other Position Requirements
Ability to think creatively when dealing with complex situations and attempting to manipulate and break applications
Demonstrated understanding of the OWASP top 10 and experience in discovering, verifying, and exploiting these vulnerabilities.
Demonstrated knowledge of and ability to create Proof-of-Concept exploits for the following vulnerabilities:
XML External Entity (XXE) Processing
Cross Site Scripting (XSS)
Injection style vulnerabilities such as SQL Injection (SQLi)
Ability to discuss vectors for sensitive data exposure within various web applications frameworks
Must be proficient with Burp Suite Professional
Demonstrated knowledge of Page Controller and Model View Controller design/architecture and the difference in approach required for testing
Demonstrated knowledge of the common approaches to remediating the OWASP top 10
Demonstrated knowledge of the OWASP Application Security Verification Standards (ASVS)
A working knowledge of Secure SDLC best practices
Experience with programming or scripting languages such as Python, PowerShell, Bash, Ruby, Java, XML, SOAP, JSON, AJAX, etc.
Experience with exploitation of vulnerabilities identified through the course of testing
Proven TCP/IP and packet analysis skills
Ability to create project reports to convey complex, technical information clients can understand
Demonstrated communication and presentation skills, to include the ability to effectively work with clients in a consulting environment
Demonstrated ability to manage multiple projects and timelines
Demonstrated ability to perform technical skills/knowledge transfer to client
Knowledge of emerging security technologies, software, and methodologies
Demonstrated ability to collaborate effectively with a wide variety of client and Sirius team members, including management and technical staff
Demonstrated ability to investigate complex problems where analysis of situations or data requires an in-depth evaluation of variable factors from multiple IT solutions and/or disciplines
Demonstrated understanding of core business functions of a typical company, and ability to employ step by step logic to solve business problems
Experience as a member of a technical project team, from design through delivery
Experience troubleshooting and identifying potential problems and making appropriate changes as necessary
Experience creating technical documentation
Demonstrated ability to work with wide variety of client staff including management and technical staff
Demonstrated ability to provide guidance and leadership to less experienced technical team members, including delegating technical tasks, and at times resolving issues of poor technical execution without escalation
Demonstrated presentation and communication skills, including effectively communicating one-on-one, and in small and large groups, using a variety of presentation methods to sustain the audiences’ engagement
Demonstrated time management and organizational skills; ability to handle multiple tasks simultaneously
Demonstrated ability to establish positive working relationships and conduct complex and important work critical to the organization in a team consulting environment
Experience as a developer and proficiency with .NET or Java
A demonstrated understanding of Web Application development
Significant experience in development program creation and refinement
Experience with secure coding best practices in .NET or Java
Experience performing Secure Code Reviews
Offensive Security Web Expert (OSWE) Certification
Offensive Security Certified Professional (OSCP) Certification
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Certification
GIAC Penetration Tester (GPEN) Certification
GIAC Web Application Penetration Tester (GWAPT) Certification
ISC2 Certified Information Systems Security Professional
Experience or willingness to perform public speaking
Knowledge of emerging security technologies, software, and methodologies
Data Privacy and Security:
All Sirius employees are responsible to safeguard the information and information systems that they use or handle in the execution of their duties. Employees are obligated to know and perform their duties in accordance with Sirius policies, standards, and procedures related to security and report security violations to the appropriate Sirius authority.
Participate at hire and annually in the Information Security Awareness training as well as other required training identified by the Human Resources department. Other data privacy and data security related regulatory training may be required based on your role or assignment.
The position exists to provide technical consulting solutions to customers and as such requires the ability to travel to and from customer sites and interact with customers on an ongoing and regular basis.
The above primary duties, responsibilities, and position requirements are not all inclusive.
Demonstrates competencies defined for the Analyst through Consultant levels, plus the following:
Customer Focus - Gains insight into customer needs. Identifies opportunities that benefit the customer. Builds and delivers solutions that meet customer expectations. Establishes and maintains effective customer relationships.
Financial Acumen - Understands the meaning and implications of key financial indicators. Uses financial analysis to generate, evaluate and act on strategic options and opportunities. Integrates quantitative and qualitative information to draw accurate conclusions.
Cultivates Innovation - Comes up with useful ideas that are new, better, or unique. Introduces new ways of looking at problems. Can take a creative idea and put it into practice. Encourages diverse thinking to promote and nurture innovation.
Plans and Aligns - Sets objectives to align with broader organizational goals. Breaks down objectives into appropriate initiatives and actions. Stages activities with relevant milestones and schedules. Anticipates and adjusts effective contingency plans.
Optimizes Work Processes - Identifies and creates the processes necessary to get work done. Separates and combines activities into efficient workflow. Designs processes and procedures that allow managing from a distance. Seeks ways to improve processes, from small tweaks to complete reengineering.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)