Estimated Length: 12 Months Work hours:37.50

Requirements

The ICS Security Group is seeking a consultant to support multiple projects focused on Risk Assessments and Critical Infrastructure Systems. We want to ensure the cybersecurity controls, plans and procedures implemented at the Client are working as they should. The ideal candidate would work closely with stakeholders to conduct gap analyses and develop compensating controls.

RESPONSIBILITIES

• Perform internal and external penetration testing of network infrastructure and applications
• Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases
• Perform network reconnaissance, OSINT, social engineering, and physical security reviews
• Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
• Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
• Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Learn the Client  business environment and basic risk management approaches

CONSULTANT REQUIRED QUALIFICATIONS

• 10+ years of experience in Information Security and/or Related Field.
• 5+ years of experience in Red Team operations and/or Penetration Testing
• Scripting experience in at least one programming language such as Python or PowerShell
• Knowledge of Operational Technologies/Industrial Controls Systems (HMI, PLC, SCADA)
• Knowledge of Active Directory concepts
• Knowledge of Windows internals
• Knowledge of *nix systems

CONSULTANT PREFERRED QUALIFICATIONS

• Previous experience conducting full-scope Purple Team engagements
• Physical security assessment experience (lock picking, security system bypass, etc.)
• Database experience (Oracle, MSSQL, MySQL, MongoDB)
• Application fuzzing experience (WSFuzzer, SPIKE, Sulley, etc)
• Reverse engineering experience/knowledge, data obfuscators, or ciphers
• Mobile and/or web application assessments
• Developing, extending, or modifying exploits, shellcode or exploit tools
• Developing applications in C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
• Source code review for control flow and security flaws

CONSULTANT EDUCATION/CERTIFICATIONS

• Undergraduate degree in Computer Science, Engineering, or related field
• GPEN, GXPN, GWAPT, OSCP, or OSCE required
• CISSP and other relevant certifications preferred

Founded in 1995, IIT is a leading provider of Workforce Solutions to Government and Fortune-1000 organizations. IIT is a winner of Inc-500 award. IIT's core services include:

Headquartered in New York, IIT has over 400 consultants deployed at Client Sites. Other IIT highlights include

Our Consultants love working for IIT

Follow us on LinkedIn or Twitter or Facebook

IIT is an Equal Opportunity Employer