RVASI ethical hacking solutions
Career Openings

Sr. Information Security Consultant (Application Security Tester)

Remote Office, USA

RVASI is looking for extremely talented, knowledgeable and experienced Information Security professionals to conduct comprehensive Web application vulnerability assessments against a wide range of off-the-shelf and custom Web applications.  This position requires individuals with superb technical skills and communication abilities who are able to think outside the box.  Consultants may work from remote offices and travel to engagements on an as-needed basis.

Responsibilities include but are not limited to:

  • Conduct comprehensive Ethical Hacks/vulnerability assessments against client Web applications and E-commerce sites

  • Document assessment findings and provide clear, concise, and practical recommendations and/or solutions for remediating or mitigating the risk of vulnerabilities discovered

  • Perform in-depth application vulnerability and exploit research, analysis and testing in a lab environment

  • Work well within a multidisciplinary team and deliver value-added Information Security services and solutions to globally based clients

  • Develop Web application security policies, procedures, and technical standards for clients based on their needs and/or requirements on an as-needed basis

  • Travel to client sites and conduct comprehensive internal vulnerability assessments with little supervision

  • Provide expert and efficient day-to-day management of multiple client projects

The ideal candidates should have the following experience and qualifications:

  • 5-7 years of hands-on experience performing in-depth Web application penetration tests against commercial and custom applications

  • Must be able to write at a "publication" quality level and expertly communicate findings and recommendations to the client's senior management in an easily understandable format

  • Experience using a wide range of commercial and Open Source application vulnerability assessment tools

  • Intimate knowledge and hands-on experience using manual ethical hacking tools and techniques; must have the ability to uncover complex nested vulnerabilities

  • Proven experience thoroughly testing the security of applications during all stages of the software development life cycle

  • 3-5 years of programming experience using C, C++, ASP, PHP, PERL, JAVA, J2EE, and shell scripting

  • Prior system security administration, security risk assessment, IT architecture development, firewall, and IDS/IPS architectural design experience a definite plus

  • Expert knowledge of security industry best practices and standards, specifically experience with ISO 17799, NIST, OWASP, and other leading standards; in-depth knowledge of regulatory and compliance requirements a must

  • Ability to work independently in a remote office setting and as part of a dynamic and energetic security team

  • Possess a Bachelor's in Computer Science or a related field, or equivalent experience; Master's in Computer Science a strong plus

  • CISSP, GIAC, CISA, and CEH certifications preferred

  • Must be able to pass a formal exam where you will be asked to conduct an assessment of a Web application or set of applications and develop and provide a formal report on your findings

  • Must be able to pass a thorough background investigation to be considered for position

 

Sr. Information Security Consultant (Network & System Security Tester)

Remote Office, USA

RVASI is looking for extremely talented, knowledgeable and experienced Information Security professionals to conduct low-level vulnerability scans, penetration tests, and comprehensive vulnerability assessments against client networks and systems.  This position requires individuals with strong backgrounds and hands-on experience designing, implementing, managing, and security testing diverse networks and systems.  Consultants may work from remote offices and travel to engagements on an as-needed basis.

Responsibilities include but are not limited to:

  • Perform low-level vulnerability scans, penetration tests, and comprehensive vulnerability assessments against client networks and systems to include war dialing and social engineering (on an as-needed basis)

  • Document assessment findings and provide clear, concise, and practical recommendations and/or solutions for remediating or mitigating the risk of vulnerabilities discovered

  • Perform in-depth network/system vulnerability and exploit research, analysis and testing in a lab environment

  • Work well within a multidisciplinary team and deliver value-added Information Security services and solutions to globally based clients

  • Develop network and system security policies, procedures, and technical standards for clients based on their needs and/or requirements on an as-needed basis

  • Travel to client sites and conduct comprehensive internal vulnerability assessments with little supervision

  • Provide expert and efficient day-to-day management of multiple client projects

The ideal candidate should have the following experience and qualifications:

  • 5-7 years of hands-on experience performing vulnerability scans and penetration tests against heterogeneous networks and systems

  • Must be able to write at a "publication" quality level and expertly communicate findings and recommendations to the client's senior management in an easily understandable format

  • Must have extensive experience using commercial and Open Source vulnerability scanning and assessment tools to include: Internet Security Scanner, Nessus, nmap, Retina, WebInspect, Nikto, and PhoneSweep

  • Advanced knowledge of networking and application protocols (DNS, SMTP, FTP, HTTPS, SSH, etc.), associated vulnerabilities, and manual vulnerability assessment testing techniques

  • Demonstrated advanced knowledge of LAN/WAN and wireless internetworking technology (IP addressing, routing, etc.) and related security vulnerability testing techniques

  • Prior system and network security administration, security risk assessment, IT architecture development, firewall, and IDS/IPS architectural design experience required

  • Firm understanding and working knowledge of computing and networking platforms such as IBM mainframes, Unix (AIX, Solaris, Linux), LAN servers and workstations (NT/2000, OS/2, Macintosh, Novell, Win9x), Cisco routers, and Oracle, MySQL, MS SQL, and DB/2 DBMSs

  • Expert knowledge of security industry best practices and standards, specifically experience with ISO 17799, NIST, OWASP, and other leading standards; in-depth knowledge of regulatory and compliance requirements a must

  • Ability to work independently in a remote office setting and as part of a dynamic and energetic security team

  • Bachelor's in Computer Science or a related field, or equivalent experience

  • CISSP, GIAC, MCSE, CISA, CISCO, and CEH certifications preferred

  • Must be able to pass a formal exam where you will be asked to conduct a network and system vulnerability scan or penetration test and develop and provide a formal report on your findings

  • Must be able to pass a thorough background investigation to be considered for position

 

To apply for one or more of our available positions, please email a copy of your cover letter and resume to careers@rvasi.com or send it via US Postal mail to RVASI – Ethical Hacking Solutions, Attn: Human Resources, P.O. Box 541025, Omaha, NE 68154.  Please include the name of the position you are interested in.  No phone calls please.

© Copyright 2005, RVASI, All Rights Reserved.