AT&T Consulting Solutions is a wholly owned subsidiary of AT&T (a Fortune Global Top 10 company). AT&T is looking for a sharp penetration tester for the position of a Senior Consultant located anywhere in the US to be a part of a dynamic team of experienced security professionals with varied experiences. AT&T consulting clients range from some of the largest networks in the world to small businesses requiring security consulting expertise.
Perform network and application layer penetration tests for AT&T’s customers’ Internet-accessible and internal applications and networks. A knowledge of wireless penetration testing and web application development security strongly desired. Incident Response and Forensic skills a plus. The candidate should have a deep understanding of TCP/IP, network discovery, DNS enumeration, vulnerability scanning, exploitation methods and privilege escalation. The candidate should also have an excellent grasp of web application exploitation and the OWASP list. The candidate must be able to write objective, detailed reports explaining security issues.
- Bachelors degree or higher, Masters Degree preferred.
- Information Security experience of a minimum of three years
- Knowledge of Linux, UNIX, Windows and other operating systems
- Knowledge of popular databases such as MSSQL, Oracle, and MySQL
- Deep Knowledge of TCP/IP, network protocols, firewall evasion, ethical hacking, routing protocols
- Experience in evading IDS/IPS, access control lists
- Experience with Nmap, Nessus/Qualys, Metasploit, Paros, Kismet, aircrack-ng, etc.
- Ability to write customized scripts using at least two of bash, Perl, Ruby, Python
- Knowledge of C/C++, Java, C#, Python or similar would be beneficial
- Ability to travel 50%-75%, must possess drivers’ license
- Strong report writing skills and ability to explain complex security issues to customers
- Must be a flexible team player, hard-working, excellent communication and customer-facing skills
- Security certifications such as CISSP, CEH, SANS GSEC, etc. preferred
- Other industry certifications relating to IT security and program management preferred (GIAC, CEH, TNCP, ITILv2 PMP, etc...)
- PCI DSS experience preferred
- Strong technical problem / resolution skills
- Mid to advanced level infrastructure or security design capabilities for environments that include 10 to 20 security devices, processes or applications.
- Mid to advanced level systems administration (UNIX/Linux, Windows, or mainframe)
- Knowledge with different application architectures and platforms, their development challenges, their control configurations, and their inherent security strengths and weaknesses (e.g., ColdFusion, J2EE, .Net)
- Mid to advanced level network administration (firewalls, IDS/IPS, network architecture)
- Experience with web application penetration testing tools preferred, such as Burp Suite Pro, IBM AppScan, HP WebInspect, etc.
- Advanced level of methods and knowledge of three or more of the following:
- Vulnerability scanning
- Penetration testing (network, system and application)
- Application Security
- Code Review
- Forensics and Incident Response
- Security event monitoring
- Vendor certification or demonstrable in-depth technical expertise with at least three major security solution
- Examples Only: Symantec, McAfee, VeriSign, Juniper, Checkpoint, Cisco, Arcsite, Tripwire, etc.
- Demonstrable experience includes being able to gather customer requirements, design a solution, specify a build of materials, implement, tune/optimize, maintain or troubleshoot at an architecture component level for an existing solution
- Bi-lingual candidates a plus
- Incident Response and Forensic experience a strong plus
- Ability to work independently and also collaborating closely with application developers, engineers and others.
- Effective written, oral communication skills, and interpersonal communication skills.
- Strong communications skills to be able to interact with technical and non-technical colleagues.
- Knowledge of the latest security threats, techniques and exploits targeting vulnerabilities
- Strong familiarity with multiple operating systems, databases, applications and platforms.
- Understanding of SQL, XSS, CSRF and other trends in web exploitation
- Working understanding of HTML and common web applications
- Thorough understanding of computer networking and the OSI model
- Cyber-threat research, reporting and development/implementation of vulnerability mitigation strategies a plus
- Programming experience is a plus
- Calculate and assess risk based on threats, vulnerabilities, and mitigating factors.
- Knowledge of exploit development is a plus.
- Demonstrated knowledge and experience evaluating IT process areas, such as logical and physical access, program development, change management, IT operations etc.
- Strong task management skills and ability to multi-task.
- Detail oriented and analytical.