Sign In
 [New User? Sign Up]
Mobile Version

Consultant Professional Services 3 - Vulnerability Threat Managment

AT&T


Date:
06/22/2017
2017-06-222017-07-22
Job Code:
att4-4757364
Apply on the Company Site
  •  
  • Save Ad
  • Email Friend
  • Print

Job Details

Company AT&T

Job Title Consultant Professional Services 3 - Vulnerability Threat Managment

Jobid att4-4757364

Location: St. Louis, MO, USA

Description AT&T Consulting Solutions is a wholly owned subsidiary
of AT&T (a Fortune Global Top 10 company). AT&T is looking for a sharp
penetration tester for the position of a Senior Consultant located anywhere in
the US to be a part of a dynamic team of experienced security professionals
with varied experiences. AT&T consulting clients range from some of the
largest networks in the world to small businesses requiring security consulting
expertise.



**Job Duties:**



Perform network and application layer penetration tests for
AT&T’s customers’ Internet-accessible and internal applications and networks. A knowledge of wireless penetration testing and web application development security
strongly desired. Incident Response and Forensic skills a plus. The candidate
should have a deep understanding of TCP/IP, network discovery, DNS enumeration,
vulnerability scanning, exploitation methods and privilege escalation. The
candidate should also have an excellent grasp of web application exploitation
and the OWASP list. The candidate must
be able to write objective, detailed reports explaining security issues.



**Requirements:**



+ Bachelors degree or higher, Masters Degreepreferred.

+ Information Security experience of a minimum ofthree years

+ Knowledge of Linux, UNIX, Windows and otheroperating systems

+ Knowledge of popular databases such as MSSQL,Oracle, and MySQL

+ Deep Knowledge of TCP/IP, network protocols,firewall evasion, ethical hacking, routing protocols

+ Experience in evading IDS/IPS, access controllists

+ Experience with Nmap, Nessus/Qualys, Metasploit,Paros, Kismet, aircrack-ng, etc.

+ Ability to write customized scripts using atleast two of bash, Perl, Ruby, Python

+ Knowledge of C/C++, Java, C#, Python or similarwould be beneficial

+ Ability to travel 50%-75%, must possess drivers’license

+ Strong report writing skills and ability toexplain complex security issues to customers

+ Must be a flexible team player, hard-working,excellent communication and customer-facing skills

+ Security certifications such as CISSP, CEH, SANSGSEC, etc. preferred

+ Other industry certifications relating to ITsecurity and program management preferred (GIAC, CEH, TNCP, ITILv2 PMP, etc...)

+ PCI DSS experience preferred



**Technical Skills**



+ Strong technical problem / resolution skills

+ Mid to advanced level infrastructure or securitydesign capabilities for environments that include 10 to 20 security devices,processes or applications.

+ Mid to advanced level systems administration(UNIX/Linux, Windows, or mainframe)

+ Knowledge with different applicationarchitectures and platforms, their development challenges, their controlconfigurations, and their inherent security strengths and weaknesses (e.g.,ColdFusion, J2EE, .Net)

+ Mid to advanced level network administration(firewalls, IDS/IPS, network architecture)

+ Experience with web application penetrationtesting tools preferred, such as Burp Suite Pro, IBM AppScan, HP WebInspect,etc.

+ Advanced level of methods and knowledge of threeor more of the following:



+ Vulnerability scanning

+ Penetration testing (network, system andapplication)

+ Application Security

+ Code Review

+ Forensics and Incident Response

+ Security event monitoring



+ Vendor certification or demonstrable in-depthtechnical expertise with at least three major security solution



+ Examples Only: Symantec, McAfee, VeriSign,Juniper, Checkpoint, Cisco, Arcsite, Tripwire, etc.

+ Demonstrable experience includes being able togather customer requirements, design a solution, specify a build of materials,implement, tune/optimize, maintain or troubleshoot at an architecture componentlevel for an existing solution



**AdditionalRequirements**



+ Bi-lingual candidatesa plus

+ Incident Response andForensic experience a strong plus

+ Ability to work independently and alsocollaborating closely with application developers, engineers and others.

+ Effective written, oral communication skills,and interpersonal communication skills.

+ Strong communications skills to be able tointeract with technical and non-technical colleagues.

+ Knowledge of the latest security threats,techniques and exploits targeting vulnerabilities

+ Strong familiarity with multiple operatingsystems, databases, applications and platforms.

+ Understanding of SQL, XSS, CSRF and other trendsin web exploitation

+ Working understanding of HTML and common webapplications

+ Thorough understanding of computer networkingand the OSI model

+ Cyber-threat research, reporting anddevelopment/implementation of vulnerability mitigation strategies a plus

+ Programming experience is a plus

+ Calculate and assess risk based on threats,vulnerabilities, and mitigating factors.

+ Knowledge of exploit development is a plus.

+ Demonstrated knowledge and experience evaluatingIT process areas, such as logical and physical access, program development,change management, IT operations etc.

+ Strong task management skills and ability tomulti-task.

+ Detail oriented and analytical.



Apply on the Company Site

Featured Jobs[ View All ]

Featured Employers [ View All ]