At NTT DATA we know that with the right people on board, anything is possible. The quality, integrity, and commitment of our employees have been key factors in our company’s growth and market presence. By hiring the best people and helping them grow both professionally and personally, we ensure a bright future for NTT DATA Services and for the people who work here.
We are currently seeking a skilled Security Architect with significant experience with Penetration Testing and Vunerability Analysis.
- Plan, assess, test, analyze, and report information on security vulnerabilities and possible exploitations present in a variety of complex and secure computer systems as well as arrange fixes with the appropriate teams for identified issues across three vectors: system infrastructure, network infrastructure, and web application.
- Provide technical information system security testing in support of the appropriate security risk management processes using security assessment and technical testing efforts, including in-depth network and application vulnerability testing for automated and manual testing and demonstrable false positive validation.
- Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, etc.)
- Provide analytical support to the Security Operations team during investigations of attacker activity to help them understand malware behaviors and attack methods
- Develop documentation in support of testing efforts, including test plans, preliminary findings reports, security assessment reports, and other test artifacts, as required by the government.
- Work with commercial and government open source vulnerability assessment tools and techniques used for evaluating operating systems, databases, and Web applications.
- Identify gaps in IT infrastructure by mimicking an attacker’s behaviors and responses.
- Research tools, techniques, countermeasures and trends in network vulnerabilities, data hiding and network security
- Ability to develop strong working relationships with a variety of other enabling teams
- Strong attention to detail, data accuracy, and data analysis
- Self-motivated and operates with a high sense of urgency and a high level of integrity
- Previous experience working in large scale environments with diverse technologies
5+ years of experience with security, including penetration testing and vulnerability assessments
- US. Citizenship
- Experience with vulnerability analysis or reverse engineering
- Knowledge of Windows, UNIX or Linux operating systems, TCP/IP protocol stack, and networking tools
- Application development background and security knowledge in C, C++, C#, Java, ASM, PHP, Perl, Microsoft .NET, Python, or Ruby and Linux or UNIX shell scripting
- Experience with various security tools and products (Nessus, Burp Suite, Fortify, Kali, etc…)
- Ability to parse and decode various application level protocols, including XML, HTTP, and MPEG
- Knowledge of security frameworks, including NIST, HIPPA, IRS PUB 1075, SSA TSSR, or CMS and the Metasploit framework
- Vulnerability analysis and threat management experience
- Familiarization with XSS, SSJS, filter bypassing, SQL Injection, etc.
- Strong understanding of network protocols, design and operations
- Experience with problem solving using out-of-the-box approaches
- Be willing to learn and teach
- Be very well organized
- Highly skilled in English communication both written and verbal
- Ability to write comprehensive reports regarding analytical findings
- Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
- Knowledge of malware packing and obfuscation techniques
- Must be able to explain different methodologies and deliverables
- Demonstrated understanding of private sector, or other large organization, security and IT infrastructures
Preferred Additional Skills:
- CISSP, CISA, Certified Ethical Hacker (CEH) Certification
- CompTIA Network+, Security+, Linux+, or CASP Certification
- Certified Penetration Tester (CPT) Certification
- Certified Expert Penetration (CEPT) Tester Certification
- GIAC Certified Penetration (GPEN) Tester Certification
- Offensive Security Certified Professional (OSCP) Certification
- 2+ years Red Team experience.