Offensive Security Consultant
Konica Minolta Business Solutions Canada · Kansas City, MO · 2 wk ago
Information TechnologyFull-time
About the role
This is an opportunity to work with diverse clients, tackle challenging environments, and make a direct impact on organizations' security postures. Offensive Security Consultant candidates are motivated offensive security professionals, often with 2-5 years of pen testing experience not counting previous IT experience.
Responsibilities
- Deliver Application Penetration Tests against web apps, mobile apps, web services, and fat-clients
- Perform Small to Medium-sized Network Penetration Tests
- Communicate with customers in a friendly manner, quickly and clearly, and with great accuracy during: Kickoff and scoping calls, Assessment status updates and ongoing project communication, Report delivery, Wrap-up meetings, Non-Billable events such as lunches, conferences, and meetups
- Work towards professional-level certs such as the OSCP if they have not already been achieved
- Aid in enhancing various company methodologies and other documentation
- Aid peers in identifying/exploiting issues during assessments
- Demonstrate excellent writing skills both during email correspondence and report creation
- Prioritize findings based on perceived risk, using existing knowledge of clients’ business to ascertain finding severity
- Lead by example in behavior, work ethic, and punctuality
- Interpret and obey any applicable customer testing restrictions based on scope and kickoff calls
- Utilize non-billable time to work on company-directed internal projects
- Develop and own an area of expertise e.g. web services, SQL injection killer, mobile apps, Powershell, reporting god, Java, XXE skills, etc.
- Contribute to company methodology and vulnerability repositories
Qualifications
- 2+ years’ full-time penetration testing experience
- Full familiarity with OWASP top 10, SANS top 25
- Applicants with common industry certifications such as OSCP, OSCE, SANS, CREST, and etc. will be preferred
- Applicants with public disclosure track record will be preferred
- Excellent communication skills in written, verbal, and in-person formats
- High-level knowledge of common platforms and their vulnerabilities
- BurpSuite expert
- Ability to configure working login macros
- Use Repeater and Intruder to manually find flaws
- Use Scanner in an appropriate manner to automatically find flaws
- Quickly eliminate false positive based on intuition and response content
- Alter existing exploits so they apply to different assessment targets