
[SJ-JOB] Security Consultant, New York

Subject: [SJ-JOB] Security Consultant, New York
Date: 14 Sep 2007 21:32:30 -0000
---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------


JOB DESCRIPTION
---------------------------------------------------
Position:       Security Consultant
Location:       New York, New York, United States
Type:           Permanent F/T

Closing Date:   2007-10-14

POSITION:    Senior Attack & Penetration Consultant – Security & Privacy 
Solutions / Technology Risk
REPORTS TO:     Technology Risk Manager
LOCATION:    New York, NY
INFORMATION:    www.protiviti.com
CONTACT:    Kimberly.Barbieri@protiviti.com

Protiviti is the leading international provider of independent internal audit, 
business and technology risk consulting services. Protiviti helps companies 
identify, measure, and manage operational and technology-related risks they 
face within their business, their systems and processes. We help our clients 
seize new opportunities for growth and profitability while managing their 
business and technology risks.  
Independence means objective, unfettered advice delivered in the best interests 
of our clients.  We work with 22% of the Fortune 1000 companies in industries 
such as financial services and real estate, media, hospitality and 
communication, manufacturing, distribution and technology, consumer products 
and retail, government, education and not-for-profit.  In just over 5 years, 
Protiviti has established itself as the leader in the marketplace, with over 50 
offices in North America, Europe, Asia and Australia.

Information Technology Security Services
Protiviti’s Information Security Services practice helps companies to 
identify, analyze, and mitigate technology risks, apply automated controls, and 
standardize information security processes for the protection of high value 
information assets.  Protiviti’s deep expertise in Information Security 
can help ensure the integrity, reliability and performance of these processes.

The following statements are intended to describe the general nature and level 
of work being performed. This is not intended to be construed as an exhaustive 
list of all responsibilities, duties and skills required of personnel.

JOB DESCRIPTION

OVERALL RESPONSIBILITY
The Senior Consultant has primary responsibility for direct supervision of 
Consultants in developing and executing Information Security project work 
plans.  The Senior Consultant has direct, client-facing engagement 
responsibilities.  Serving as both role model and trainer, the Senior 
Consultant demonstrates the attributes of excellent client service and assists 
team members in developing technical and professional competency. The Senior 
Consultant learns to identify areas of IT risk in the client environment and 
opportunities to help them to improve information security, and business 
processes.
SPECIFIC RESPONSIBILITIES
        Supervise and train project personnel;
        Review, document, evaluate and test Information Security (IS) 
controls in a wide range of IT environments including Windows, Linux, 
Mainframe, mid-range and client server.  The Senior Consultant must be well 
versed in various IS controls which address organizational structure and 
administration practices, system development and maintenance procedures, system 
software and hardware controls, security and access controls, computer 
operations, environmental protection and detection, and backup and recovery 
procedures;
        Review information system architecture and security controls.  
The Senior Consultant should be able to assess technical security controls and 
related operational procedures.  This includes, but is not limited to, firewall 
and border router configurations, operating systems configurations, wireless 
architectures, databases, specialized appliances and information security 
policies and procedures;
        Execute internal and external Network Attack and Penetration, 
and Vulnerability Assessments.  This entails behaving like a highly motivated 
attacker to obtain physical access to client facilities (social engineering), 
identifying internal information assets, assessing threats and exploiting 
vulnerabilities via the use of manual techniques and automated testing tools 
such as native Operating System, network maintenance and troubleshooting 
commands as well as automated scanning software, e.g., NMap port scanner and 
Nessus vulnerability scanner;
        Additionally, assist engagement management team in performing 
root cause analysis, prioritizing identified vulnerabilities, and developing 
action plans to address these areas;
        Perform Web Applications Penetration Tests and Vulnerability 
Assessments utilizing software tools such as WebInspect and Nikto, and manual 
techniques to exploit vulnerabilities like cross-site scripting, SQL 
injections, session hijacking and buffer overflows to obtain controlled access 
to target systems;
        Perform network traffic forensic analysis, utilizing packet 
capturing software, to isolate malicious network behavior, inappropriate 
network use or identification of insecure network protocols; 
        Develop understanding of project requirements and client’s 
business;
        Communicate IS control strengths and weaknesses to the client 
or internal audit engagement team and assist in developing effective solutions;
        Ensure timely completion of established project milestones;
        Develop and maintain effective client relationships;
        Develop and apply proficiency with Protiviti policies and 
methodologies;
        Apply understanding of business processes and technical skills 
to successful completion of projects;
        Prepare audit reports on findings and recommendations to senior 
management;
        Assist with administrative duties such as Project Setup, 
Account Billing, Reconciling Job Summaries, Recruiting and Business 
Development; 
        Demonstrate consistency in values, principles and work ethics.

ABILITY TO TRAVEL
        The position requires up to 40% out-of-town travel to client 
locations.

EDUCATIONAL & PROFESSIONAL CREDENTIALS REQUIRED
        Bachelor’s degree in a relevant discipline (Computer 
Information Systems, Information System Technologies, Management Information 
Systems);
        Minimum GPA 3.0;
        3+ years in a related field, preferably in professional 
services and/or industry.

EDUCATIONAL & PROFESSIONAL CREDENTIALS PREFERRED
        Professional Certifications such as CISSP, CISM, GSEC, GIAC are 
strongly preferred (required for advancement to Manager-level position);
        Consulting experience in Information Security, particularly in 
vulnerability assessments, penetration testing, security architecture reviews, 
web application security reviews, and wireless security assessments. 




JOB REQUIREMENTS
---------------------------------------------------
REQUIRED KNOWLEDGE & SKILLS
        Project management skills;
        Proficiency in utilization of information security tools such 
as Nessus, Kismet, Airsnort, NMAP, Ethereal, etc;
        Leadership in a team environment and fostering client 
relationships;
        Supervisory skills;
        Understanding of the importance of business ethics;
        Sound job administration skills;
        Above-average written communication skills, including 
documentation of findings and recommendations;
        Analytical skills;
        Ability to handle highly confidential information in a strictly 
professional manner;
        Ability to maintain professional demeanor in times of high 
stress.

REQUIRED TECHNICAL KNOWLEDGE & SKILLS
        3 years hands-on experience in one or more of the following 
Operating Systems: Windows Server 2003/2000/NT, Linux and UNIX;
        3 years practical experience in TCP/IP Networking;
        A diverse skill base in both Information Systems and 
Information Security;
        Attack and Penetration testing of Internet infrastructure and 
Web-based applications;
        Manual Attack and Penetration testing experience in addition to 
the use of automated tools is a plus;
        Application source code security review skills are a plus;
        1 – 2 years of experience in one or more of the following 
Database Environments is a plus: Microsoft SQL Server, Oracle, Sybase, DB2 and 
MySQL;
        Experience with programming languages such as Java, C, C++, C#, 
and .NET is a plus;

CONTINUING EDUCATION & OPPORTUNITIES
        All employees throughout their career with Protiviti have the 
opportunity to be involved in our Training Programs, Mentoring Program and 
Incentive Compensation Program;
 



CONTACT
---------------------------------------------------
Please submit all resumes to Kimberly.Barbieri@protiviti.com

Protiviti
Kimberly Barbieri
Recruiting Manager
kimberly.barbieri@protiviti.com


