Senior Security Consultant

Position Description: Delivers information security consulting at a senior level with little supervision and instruction. Provides experience-based information security/information assurance support to commercial and/or federal customers. May serve in either a project lead or support role performing security consulting activities such as network or application vulnerability assessment or penetration testing, security architecture design and assessment, application and/or network security assessments and testing. Has the ability to lead client interactions and solution deployments.
Preferred Skills:
- Strong working knowledge of information security in order to effectively:
  - Interface with clients to advise, resolve, prevent and mitigate risk, while maintaining an operational environment.
  - Research, evaluate and advise clients regarding new security technologies or control frameworks.
  - Analyze and manage security technologies to provide detective and preventative capabilities (vulnerability scanning, endpoint security, intrusion detection, network forensics, network and application security and security and event/incident management).
  - Review and analyze vulnerability scans on networks and validate findings.
- Strong understanding of Windows and Linux/Unix based Operating Systems, networking (TCP/IP, Ports, Active Directory, DNS, and DHCP), Switch / Router configuration, and Security.
- Understanding of SCADA and Industrial Control Systems (ICS) is a plus.
- Physical security and Physical Access Control Systems (PACS) is a plus.
- Extensive knowledge of and experience applying one or more compliance methodologies, relevant to the customer (e.g. Payment Card Industry (PCI), HIPAA, ISO, NIST Cyber Security Framework (CSF), and NERC CIP).
- Effective written and verbal communication skills
- Effective organizational skills and attention to detail
- Timely delivery of quality work-product and deliverables
- Ability to complete projects within a specified timeframe with limited supervision.
- Certifications: CISSP, CEH, and/or CISM are desirable, and OSCP preferred.