A Principal Security Consultant has a deep level of expertise and a vast knowledge base in core technical testing domains in order to successfully lead project activities, assess and consult with internal and external customers, and deliver high-quality products. You are analytical and innovative, possess a strong sense of attention to detail, and are able to demonstrate strong written and oral communication skills. You present complex solutions and topics in a concise manner. You are comfortable blending multiple service lines and offerings into one harmonious deliverable and executive presentation for audiences of all levels and skillsets.
The Principal Security Consultant will help conduct security assessments for clients across the United States. You will have subject matter expertise in one of the key areas of technical testing. Primarily, this will be a focus on web application testing or penetration testing, but this work could also involve performing external and internal vulnerability assessments, wireless assessments, and other security testing activities. This role will also assist in the refinement and development of the methodologies and tools used by the Presidio Cyber Security team.
- Lead large security engagements in concert with other Presidio teams.
- Perform web application testing across various web application platforms
- Perform black-box, gray-box, and other variants of internal and external penetration testing
- Lead technically-focused projects with assistance of Engagement Managers
- Perform assessment activities for external, internal, social engineering, wireless, etc. projects
- Provide clear and professional reporting of assessment results to clients
- Develop standards and methodologies within the Cyber Security Division
- Review key factors, including inherent risk, mitigating controls, business impact, likelihood and other key elements to determine security risk.
- Work with other Principal Security Consultants in a collaborative setting to support and assist on the execution and delivery of key services such as documentation review, and security consulting services.
- Assist Delivery Practice Leads in cybersecurity administrative functions, such as documentation maintenance, documentation creation, peer review, and other cyber security
- We seek a Bachelor’s Degree in Information Security or a related discipline or the equivalent work experience and/or military experience.
- We seek a minimum of 5-7 years of experience conducting penetration tests, web application assessments, or other high-level technical testing.
- Deep knowledge of testing OWASP Top 10
- Substantial experience with security tools such as Burp Suite, Nessus, Nmap, Metasploit, etc.
- Deep knowledge of common vulnerabilities and exploits, hacker methodologies, and tactics
- Programming/scripting skills preferred (Python, PowerShell, Bash, etc.)
- Working knowledge of the TCP/IP protocol suite, TCP/IP headers and packets, the OSI model, and commonly used TCP/UDP ports and associated services
- Working knowledge of routing protocols, switching, firewall configuration, and security best practices, etc.
- Working knowledge of common OS and domain structures (Red Hat Linux, Oracle/Sun, Windows, Active Directory, etc.), servers, services, and associated vulnerabilities
- Ability to manage multiple tasks and responsibilities, work independently or in small teams, achieve established goals and objectives, and communicate progress in a timely and meaningful manner.
- You have the ability to travel on short notice
Required Soft Skills:
- Demonstrate ownership of projects and tasks, coupled with a sense of urgency in completing assigned activities.
- Strong cross-functional team participant and collaborative approach to problem-solving.
- Manage and guide engagement members to engagement completion.
- Strong verbal and written communication skills, organizational skills, and attention to detail
- Strong presentation skills
- Ability to maintain composure and professionalism in an interrupt-driven environment
- Ability to manage multiple and changing priorities and tasks.
- Current information security certifications such as OSCP, 600-level SANS courses, and CISSP are preferred.
- Experience with project deliverables from a VAR/Integrator experience
- Prior experience working closely with customers and collaborating with IT staff
- Ability to be flexible and embrace change
- Self-motivated and self-directed.
- Self-starter with the ability to manage their own tasks into a larger project or program effort