Executive Job Title	Senior Systems Security Consultant
Type of Registrant	Recruiter
Location	Philadelphia
Industry & Function 1:	Accounting-(Public) - CONSULTING--(toClients&Internal)
Industry & Function 2:	Computers-Services&Consulting - TECHNOLOGY(IT/EDP/MIS/Communications)
Compensation	$100,000 to $200,000
Executive Job Description	JOB DESCRIPTION OVERALL RESPONSIBILITY The Senior Consultant has primary responsibility for direct supervision of Consultants in developing and executing Information Security project work plans. The Senior Consultant has direct, client-facing engagement responsibilities. Serving as both role model and trainer, the Senior Consultant demonstrates the attributes of excellent client service and assists team members in developing technical and professional competency. The Senior Consultant learns to identify areas of IT risk in the client environment and opportunities to help them to improve information security, and business processes. SPECIFIC RESPONSIBILITIES Supervise and train project personnel; Review, document, evaluate and test Information Security (IS) controls in a wide range of IT environments including Windows, Linux, and Mainframe, mid-range and client server. The Senior Consultant must be well versed in various IS controls which address organizational structure and administration practices, system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures Execute internal and external Network Attack and Penetration, and Vulnerability Assessments. This entails simulating an external attacker profiling and exploiting Client target networks. Senior must be familiar with leading penetration testing tools and techniques, be able to identify vulnerabilities within Client systems, identify or develop appropriate exploit code, and launch successful exploits to obtain access to target systems. Testing activity will be closely coordinated with Clients to minimize potential adverse affects to Client systems and network. Internal pentest activity involves simulating a motivated attacker to obtain physical access to client facilities (social engineering), identifying internal information assets, assessing threats and exploiting vulnerabilities via the use of manual techniques and automated testing tools such as native Operating System, network maintenance and troubleshooting commands as well as automated scanning software, e.g., NMap port scanner and Nessus vulnerability scanner; Review information system architecture and security controls. The Senior Consultant should be able to assess technical security controls and related operational procedures. This includes, but is not limited to, firewall and border router configurations, operating systems configurations, wireless architectures, databases, specialized appliances and information security policies and procedures; Additionally, assist engagement management team in performing root cause analysis, prioritizing identified vulnerabilities, and developing action plans to address these areas; Perform Web Applications Penetration Tests and Vulnerability Assessments utilizing software tools such as WebInspect and Nikto, and manual techniques to exploit vulnerabilities in the OWASP top 10 including but not limited too cross-site scripting, SQL injections, session hi-jacking and buffer overflows to obtain controlled access to target systems; Perform network traffic forensic analysis, utilizing packet capturing software, to isolate malicious network behavior, inappropriate network use or identification of insecure network protocols; Develop understanding of project requirements and client's business; Communicate IS control strengths and weaknesses to the client or internal audit engagement team and assist in developing effective solutions; Develop and write effective project reports and deliverables. Reports must present results in recommendations in both a common language understandable to business executives and provide technical details to assist IT personnel in correcting deficiencies; Ensure timely completion of established project milestones; Develop and maintain effective client relationships; Develop and apply proficiency with company policies and methodologies; Apply understanding of business processes and technical skills to successful completion of projects; Assist with administrative duties such as Project Setup, Account Billing, Reconciling Job Summaries, Recruiting and Business Development; Demonstrate consistency in values, principles and work ethics. ABILITY TO TRAVEL The position requires up to 40% out-of-town travel to client locations. Skills EDUCATIONAL & PROFESSIONAL CREDENTIALS REQUIRED Bachelor's degree in a relevant discipline (Computer Information Systems, Information System Technologies, Management Information Systems); Minimum GPA 3.0; 3+ years in a related field, preferably in professional services and/or industry. EDUCATIONAL & PROFESSIONAL CREDENTIALS PREFERRED Professional Certification such as CISSP, CISM, GSEC, GIAC, CEH, CPT are strongly preferred Consulting experience in Information Security, particularly in vulnerability assessments, penetration testing, security architecture reviews, web application security reviews, and wireless security assessments. REQUIRED KNOWLEDGE & SKILLS Project management skills; Technical proficiency in penetration testing tools and techniques; Proficiency in utilization of information security tools such as Nessus, Kismet, Airsnort, NMAP, Ethereal, etc; Understanding of the importance of business ethics; Sound job administration skills; Above-average written and verbal communication skills, including documentation of findings and recommendations; Analytical skills; Ability to handle highly confidential information in a strictly professional manner; Ability to maintain professional demeanor in times of high stress. REQUIRED TECHNICAL KNOWLEDGE & SKILLS 2+ years hands on experience in one or more of the following Operating Systems: Windows Server 2003/2000/NT, Linux and UNIX; 2+ years practical experience in TCP/IP Networking; A diverse skill base in both Information Systems and Information Security; Attack and Penetration testing of Internet infrastructure and Web-based applications; Manual Attack and Penetration testing experience in addition to the use of automated tools; Application source code security review skills are a plus; 1 - 2 years of experience in one or more of the following Database Environments is a plus: Microsoft SQL Server, Oracle, Sybase, DB2 and MySQL; Experience with programming languages such as Java, C, C++, C#, and .NET is a plus; CONTINUING EDUCATION & OPPORTUNITIES All employees throughout their career here have the opportunity to be involved in Training Programs, Mentoring Program and Incentive Compensation Program;
APPLY for this JOB