Overview

Offensive Security Consultant

Hack. Discover. Advise. Make an Impact.

Are you passionate about breaking things to make them stronger? Do you thrive on uncovering vulnerabilities before threat actors do? We're looking for a highly motivated Offensive Security Consultant to join our growing team of security experts. This is an opportunity to work with diverse clients, tackle challenging environments, and make a direct impact on organizations' security postures.

Offensive Security Consultant candidates are motivated offensive security professionals, often with 2-5 years of pen testing experience not counting previous IT experience. The primary role of an Offensive Security Consultant is to perform External Network Penetration Tests as well as Application Penetration Tests against web applications, mobile applications, and web services. Security Consultants are expected to execute the appropriate testing methodology, identify risk at a level commensurate with the company bar, perform punctually, clearly document findings for multiple audiences, and demonstrate outstanding customer service skills.

Responsibilities
• Deliver Application Penetration Tests against web apps, mobile apps, web services, and fat-clients
• Security Consultants who have proven adept at application penetration testing will perform small to medium-sized Network Penetration Tests.
• Communicate with customers in a friendly manner, quickly and clearly, and with great accuracy during:

o Kickoff and scoping calls

o Assessment status updates and ongoing project communication

o Report delivery

o Wrap-up meetings

o Non-Billable events such as lunches, conferences, and meetups
• Work towards professional-level certs such as the OSCP if they have not already been achieved
• Assist in enhancing various company methodologies and other documentation
• Work with project management to enhance the company's overall efficiency
• Assist peers in identifying/exploiting issues during assessments
• Demonstrate excellent writing skills both during email correspondence and report creation
• Prioritize findings based on perceived risk, using existing knowledge of clients' business to ascertain finding severity
• Lead by example in behavior, work ethic, and punctuality
• Interpret and obey any applicable customer testing restrictions based on scope and kickoff calls
• Utilize non-billable time to work on company-directed internal projects
• Develop and own an area of expertise e.g. web services, SQL injection killer, mobile apps, Powershell, reporting god, Java, XXE skills, etc.
• Contribute to company methodology and vulnerability repositories

Qualifications
• 2+ years' full-time penetration testing experience
• Full familiarity with OWASP top 10, SANS top 25
• Applicants with common industry certifications such as OSCP, OSCE, SANS, CREST, and etc. will be preferred.
• Applicants with public disclosure track record will be preferred
• Excellent communication skills in written, verbal, and in-person formats
• High-level knowledge of common platforms and their vulnerabilities
• BurpSuite expert

o Ability to configure working login macros

o Use Repeater and Intruder to manually find flaws.

o Use Scanner in an appropriate manner to automatically find flaws.

o Quickly eliminate false positive based on intuition and response content
• Kali Linux
• GitHub
• Research

o Search for flaws in fingerprinted services/components

o Find exploits in vulnerable fingerprinted services/components

o Use existing research to craft proof of concepts for assessments
• Ability to alter existing exploits so they apply to different assessment targets

#DL1

This posting reflects an existing vacancy that we are actively recruiting for.

Cette annonce correspond à un poste actuellement vacant pour lequel nous recrutons activement.

Salary Disclaimer

Konica Minolta is committed to transparent and equitable compensation practices. Our pay structure is designed to support employee growth, allowing individuals to progress through the salary range as they advance in their role. Actual base pay offered will vary based on a candidate's skills, experience, job-related knowledge, geographic location, and specific business needs.

Salaire- A titre indicatif

Konica Minolta s'engage en faveur de pratiques de rémunération transparentes et équitables. Notre structure salariale est conçue pour soutenir la croissance des employés, permettant aux individus de progresser dans la fourchette salariale au fur et à mesure de leur progression. Le salaire de base réel proposé variera en fonction des compétences, de l'expérience, des connaissances liées au poste, de la localisation géographique et des besoins spécifiques de l'entreprise du candidat.

AI Disclosure

Konica Minolta Business Solutions (Canada) Ltd., or its authorized third-party contractors, may employ Artificial Intelligence technologies to support elements of the recruitment process. Notwithstanding this, Applications are reviewed by our recruitment team, who always make the final hiring decision.

Mention d'utilisation de l'IA

Konica Minolta Business Solutions (Canada) Ltd., ou ses prestataires tiers autorisés, peuvent utiliser des technologies d'intelligence artificielle pour soutenir certains aspects du processus de recrutement. Néanmoins, les candidatures sont examinées par notre équipe de recrutement, qui prend toujours la décision finale d'embauche.