Friday 14 February 2014

Information Security Consultant - Tester #89134 | Total System Services, Inc.| GA - Columbus







Information Security Consultant - Tester Job

Date: Feb 11, 2014
Location: Columbus, GA, US

Information Security Consultant - Tester-89134

Description

Summary

Successful candidates must possess a thorough working knowledge of common commercial and/or open source vulnerability assessment, web application assessment, and penetration testing tools and techniques used for evaluating operating systems, networking devices, databases and web applications.

Candidate will provide technical information system security testing and provide remedial actions required to comply with regulatory compliance requirements. Techniques used include network and application vulnerability testing and may include web application source code reviews.

The candidate shall develop documentation in support of testing efforts that may include: Security Assessment Test Plans, Penetration Test Plans, Assessment Test Reports, and other, similar testing evidence, as required by the client.

Responsibilities

Identify vulnerabilities and security risks of firewalls, routers, networks, operating systems, applications, databases and new technology initiatives in support of security assessment and authorization. Work independently for smaller efforts and as part of a team for larger assessment efforts.

Qualifications

Education/Experience

A four-year college degree and 6 or more years of professional experience, or 10 or more years of professional experience, is required. Candidates should be skilled in several of the following areas:
--Web Application Assessment Tools (e.g. HP WebInspect, IBM AppScan, or similar)
--Penetration Testing Tools (e.g. Core Impact, Metasploit, or similar)
--Vulnerability Assessment Tools (McAfee, Qualys, Rapid7 Nexpose, or similar)
--Networking/Network Engineering/Network Administration: expert understanding and extensive experience in a broad range of networking concepts, technologies, architectures, and security concerns specific to networking, to include wireless networking and the security issues surrounding it.
--Operating Systems: expert understanding of the following operating systems and their related security concerns required:
- Microsoft Windows desktop/server operating systems
- UNIX and Linux and other UNIX variants
--Microsoft Solutions: Active Directory, Exchange, SharePoint, and other core software solutions and their related security concerns.
--Web Applications & Technologies: advanced understanding of application programming languages, application servers, web services, browser technology, common vulnerabilities, security best practices, and automated assessment tools and manual testing techniques specific to web applications. Working knowledge of JavaScript, AJAX, PHP, Perl, SOAP-based web services and ability to perform code review in Java, C# and/or .NET.
--Enterprise Solutions, Storage & Databases: advanced understanding of relational databases, database management systems, enterprise storage solutions, and security concerns specific to these technologies.
--Software Programming: advanced experience with at least Java and Microsoft .NET. Experience with Python, Perl, Ruby, UNIX Shell Scripting.
--Mainframe: hardware, operating systems, networking, and security best practices.

In addition to one or more of the critical skills listed above, all candidates must be knowledgeable in the following areas:
--All candidates shall be comfortable using, configuring, troubleshooting, and administering both UNIX and Microsoft operating systems with extensive experience with at least one of these operating systems.
--Have a broad knowledge of security best practices, security solutions, and methodologies for conducting advanced security assessments, to include manual assessments and malicious user testing.
--Have a solid understanding of PCI, GLBA, SOX and FFIEC.
--Have a broad and expert knowledge of security assessment tools (commercial, free/shareware) and manual security testing techniques.
--Advanced understanding of security tool strengths and weaknesses and ability to select, configure, troubleshoot and use the best tool for the job.
--Have a broad knowledge of cyber security threats and techniques used by adversaries to compromise systems, both technical and non-technical techniques.
--Have the ability to think creatively, to think critically, to analyze complex concepts, to articulate themselves clearly and concisely, and to conduct themselves in a professional manner.
--One of the following Certifications Required: Certified Information Security Professionals (CISSP), GIAC Certified Penetration Tester (GPEN), or GIAC Certified Web Application Penetration Tester (GWAPT).

Job: Risk & Compliance
Primary Location: US-GA-Columbus
Organization: Total System Services, Inc.
Schedule: Full-time
Job Posting:
Unposting Date:
Recruiter: Catrina J McKinney

Nearest Major Market: Columbus GA
Job Segments: Consulting, Consultant, Information Security, Security, Engineer, Contract, Technology, Engineering
 
 


