Description
We are looking for a freelancer for our customer, an international finance company, to support it as a Senior Security Consultant (m/f).
Vulnerability Scanning / Pen Testing
Terms of Reference:
• This role encompasses assessment methodologies of penetration testing, operational methodologies of vulnerability assessment and mitigation plan design, and management methodologies of leading and driving remediation projects to successful completion on time and on budget, while producing relevant MI to key stakeholders at a weekly and monthly frequency. This role requires political and business acumen as well as a full suite of technical expertise.
• 3+ year application penetration test / vulnerability scanning experience
• Deep understanding of application and network (LAN, Wireless) security testing tools and exploits to identify vulnerabilities and recommend effective corrective actions
• Perform and create procedures for penetration tests, vulnerability assessments and resolution tracking
• Conduct technical risk evaluation of hardware, software, installed systems and networks
• Recommend preventive, mitigating and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
• Participate in the development and maintenance of global information security policy
• Provide technical leadership to the enterprise for the information security program
• Mentor and provide training to IT security team
Activities:
• Security Assessment:
• Maintain assessment and penetrative relevance in a number of the following security assessment domains:
• Infrastructure
• Application
• Wireless
• Network security architecture
• Social engineering
• War dialling
• Code review
Operational:
• Establish and manage processes and technologies necessary to ensure that sufficient assessment controls are in place to detect vulnerabilities across the estate.
• Design and deliver mitigation plans for the enterprise by developing top-down and bottom-up information security processes for functional departments
• Take a role, as a subject matter expert, to respond to local, regional, and global security events and incidents.
Information Security:
• Provide support for all Information Security functions such as policy & standards, architecture, intrusion monitoring & response and threat intelligence
• Provision of ‘out of hours’ support and investigation as and when required
Skills:
• Critical Requirements:
• Strong written English skills
• Minimum intermediate level spoken English
• Work independently or lead any size team for engagement on critical infrastructure and/or applications
• Have superior time management and organizational skills to undertake multiple critical projects concurrently
• Have a superior ability to articulate technical concepts and security risk to non-technical business owners and management
• Understand the business context/significance of technical security assessment findings
• Consistently output deliverables of superior quality
• Possess an entrepreneurial attitude to excel in loosely defined scenarios
Technical Knowledge:
• Excellent understanding of security strategies and technologies including secure network design, e-Channels, remote computing, desktop and server hardening, secure web services, Compliance Auditing, Secure Software Development Lifecycles, Software Audit
• Strong knowledge of information security frameworks and standards such as ISO and their application into diverse environments
• Strong understanding of the security mechanisms associated with Windows or Unix operating systems, switched networks, web based applications and databases
• Able to explain security functionality from first principles
• Competent to discuss the underlying technology with product developers
• Understands core development methodologies and their associated technologies
• Can describe major phases, activities, checkpoints and deliverables of the application development lifecycle
• Understands the security controls/processes required to implement a robust secure application and can clearly articulate the risk associated with the failure of those controls/processes
• Excellent TCP/IP knowledge and understanding of security implications/issues over the OSI model
• Strong web application testing experience
• Keen understanding of network security architecture
• Technical risk assessment experience
• Experience with rolling out NIDS and SIMS technology, defining policies and investigating alerts
• Experience with ArcSight and Sourcefire a plus.
• Familiarity with proxy architectures and web filtering tools
Project duration:
• 01.01.2012 – 6 months (with option to extend)
Location:
• Frankfurt am Main
What we need from you:
Does our project description match your profile? Then we look forward to hearing from you with the following information about yourself:
• A meaningful profile (including project history)
• Availability date and
• Hourly rate
Your contact at our company:
IQ-NET GmbH
Ms. Corinna Meiering
E-mail:
Phone:
We will get in touch with you promptly!
Is this project not the right fit for you? You can find more interesting projects from us on our homepage. Have a look: http://www.iqnet-gmbh.de/projektangebote.php
If you have any questions, please feel free to contact us.