Konica Minolta Business Solutions U.S.A., Inc.
Senior Offensive Security Consultant
Konica Minolta Business Solutions U.S.A., Inc., Kansas City, Missouri, United States, 64101
Overview
The primary role of a Senior Offensive Security Consultant at Depth Security is to perform multidisciplinary assessment services as needed. Examples include Application Security Assessments against web apps, mobile apps, web services, and fat-client applications. Proficiency in delivering Network Vulnerability and Penetration Assessments both externally and internally against wired and wireless targets is also required. Senior Security Consultants can assess external, internal, wired, and wireless networks. Social engineering assessments, both phishing-based and physical, may also be required occasionally. Senior Security Consultants must demonstrate the highest skill levels and help set acceptable assessment standards for the Company.
Responsibilities
Deliver Application Penetration Tests against web apps, mobile apps, web services, and fat-clientsDeliver External, Internal, and Wireless Vulnerability and Penetration TestsDeliver phishing-based and physical Social Engineering AssessmentsCommunicate with customers in a friendly manner, quickly and clearly, and with great accuracy during:Kickoff and scoping callsAssessment status updates and ongoing project communicationReport deliveryWrap-up meetingsAssist in enhancing various company methodologiesMentor Security Consultants and assist in their efforts to develop areas of expertiseDemonstrate the highest level of offensive skills, pre and post-exploitationDemonstrate excellent writing skills both during email correspondence and report creationPrioritize findings based on perceived risk, using existing knowledge of clients’ business to ascertain finding severityLead by example in behavior, work ethic, and punctualityInterpret and obey any applicable customer testing restrictions based on scope and kickoff callsUtilize non-billable time to work on company-directed internal projectsContribute to company methodology and vulnerability repositoriesContribute to company blog and to company image via speaking engagementsUse Scanner in an appropriate manner to automatically find flaws.Quickly eliminate false positive based on intuition and response contentBurp Extender contributorGithubKali NinjaMetasploit ExpertScripting skills: Whatever gets the job done
Qualifications
5+ years’ full-time penetration testing experiencePossess longer-term, multi-disciplinary, expert-level IT skills including sysadmin, infrastructure, net-engineering, software development, and security-engineer experienceApplicants with common industry certifications such as OSCP, OSCE, SANS, CREST, etc. will be preferred.Demonstrates knowledge of all classes of vulnerabilities and exploitsPossess more blue-team knowledgeShould have numerous public vulns/exploits/bug bounty write-upsIdentifies vulnerabilities and discloses on public software on an ongoing basisWrites exploits from scratch if necessaryBurpSuite ExpertAbility to write BurpSuite Extender pluginsAbility to configure working login macrosUse Repeater and Intruder to manually find flaws.
#J-18808-Ljbffr
The primary role of a Senior Offensive Security Consultant at Depth Security is to perform multidisciplinary assessment services as needed. Examples include Application Security Assessments against web apps, mobile apps, web services, and fat-client applications. Proficiency in delivering Network Vulnerability and Penetration Assessments both externally and internally against wired and wireless targets is also required. Senior Security Consultants can assess external, internal, wired, and wireless networks. Social engineering assessments, both phishing-based and physical, may also be required occasionally. Senior Security Consultants must demonstrate the highest skill levels and help set acceptable assessment standards for the Company.
Responsibilities
Deliver Application Penetration Tests against web apps, mobile apps, web services, and fat-clientsDeliver External, Internal, and Wireless Vulnerability and Penetration TestsDeliver phishing-based and physical Social Engineering AssessmentsCommunicate with customers in a friendly manner, quickly and clearly, and with great accuracy during:Kickoff and scoping callsAssessment status updates and ongoing project communicationReport deliveryWrap-up meetingsAssist in enhancing various company methodologiesMentor Security Consultants and assist in their efforts to develop areas of expertiseDemonstrate the highest level of offensive skills, pre and post-exploitationDemonstrate excellent writing skills both during email correspondence and report creationPrioritize findings based on perceived risk, using existing knowledge of clients’ business to ascertain finding severityLead by example in behavior, work ethic, and punctualityInterpret and obey any applicable customer testing restrictions based on scope and kickoff callsUtilize non-billable time to work on company-directed internal projectsContribute to company methodology and vulnerability repositoriesContribute to company blog and to company image via speaking engagementsUse Scanner in an appropriate manner to automatically find flaws.Quickly eliminate false positive based on intuition and response contentBurp Extender contributorGithubKali NinjaMetasploit ExpertScripting skills: Whatever gets the job done
Qualifications
5+ years’ full-time penetration testing experiencePossess longer-term, multi-disciplinary, expert-level IT skills including sysadmin, infrastructure, net-engineering, software development, and security-engineer experienceApplicants with common industry certifications such as OSCP, OSCE, SANS, CREST, etc. will be preferred.Demonstrates knowledge of all classes of vulnerabilities and exploitsPossess more blue-team knowledgeShould have numerous public vulns/exploits/bug bounty write-upsIdentifies vulnerabilities and discloses on public software on an ongoing basisWrites exploits from scratch if necessaryBurpSuite ExpertAbility to write BurpSuite Extender pluginsAbility to configure working login macrosUse Repeater and Intruder to manually find flaws.
#J-18808-Ljbffr