Description
We are looking for experienced freelancers to support us in carrying out the project: Senior Security Consultant (m/f)
Vulnerability Scanning / Pen Testing
Job description:
This role encompasses the assessment methodologies of penetration testing, the operational methodologies of vulnerability assessment and mitigation plan design, and the management methodologies of leading and driving remediation projects to successful completion on time and on budget, while producing relevant MI for key stakeholders at a weekly and monthly frequency. This role requires political and business acumen as well as a full suite of technical expertise.
- 3+ years of application penetration testing / vulnerability scanning experience
- Deep understanding of application and network (LAN, Wireless) security testing tools and exploits to identify vulnerabilities and recommend effective corrective actions
- Perform and create procedures for penetration tests, vulnerability assessments and resolution tracking
- Conduct technical risk evaluation of hardware, software, installed systems and networks
- Recommend preventive, mitigating and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
- Participate in the development and maintenance of global information security policy
- Provide technical leadership to the enterprise for the information security program
- Mentor and provide training to IT security team
Activities:
Security Assessment:
Maintain assessment and penetrative relevance in a number of the following security assessment domains:
- Infrastructure
- Application
- Wireless
- Network security architecture
- Social engineering
- War dialling
- Code review
Operational:
- Establish and manage processes and technologies necessary to ensure that sufficient assessment controls are in place to detect vulnerabilities across the estate.
- Design and deliver mitigation plans for the enterprise by developing top-down and bottom-up information security processes for functional departments
- Take a role, as a subject matter expert, to respond to local, regional, and global security events and incidents.
Information Security:
- Provide support for all Information Security functions such as policy & standards, architecture, intrusion monitoring & response and threat intelligence
- Provision of ‘out of hours’ support and investigation as and when required
Skills:
- Critical Requirements:
- Strong written English skills
- Minimum intermediate level spoken English
- Work independently or lead any size team for engagement on critical infrastructure and/or applications
- Have superior time management and organizational skills to undertake multiple critical projects concurrently
- Have a superior ability to articulate technical concepts and security risk to non-technical business owners and management
- Understand the business context/significance of technical security assessment findings
- Consistently produce deliverables of superior quality
- Possess an entrepreneurial attitude to excel in loosely defined scenarios
Technical Knowledge:
- Excellent understanding of security strategies and technologies including secure network design, e-Channels, remote computing, desktop and server hardening, secure web services, Compliance Auditing, Secure Software Development Lifecycles, Software Audit
- Strong knowledge of information security frameworks and standards such as ISO and their application into diverse environments
- Strong understanding of the security mechanisms associated with Windows or Unix operating systems, switched networks, web based applications and databases
- Able to explain security functionality from first principles
- Competent to discuss the underlying technology with product developers
- Understands core development methodologies and their associated technologies
- Can describe major phases, activities, checkpoints and deliverables of the application development lifecycle
- Understands the security controls/processes required to implement a robust secure application and can clearly articulate the risk associated with the failure of those controls/processes
- Excellent TCP/IP knowledge and understanding of security implications/issues over the OSI model
- Strong web application testing experience
- Keen understanding of network security architecture
- Technical risk assessment experience
- Experience with rolling out NIDS and SIMS technology, defining policies and investigating alerts
- Experience with ArcSight and Sourcefire a plus.
- Familiarity with proxy architectures and web filtering tools
Please send your detailed profile by e-mail, stating your earliest possible availability date and your hourly rate, to:
IQ-NET AG, Marija Pehar
Further project requests from us can also be found at:
http://www.iqnet-ag.de/projektangebote.html
We will then get in touch with you promptly.