Essential Functions:

Our consultants can perform a variety of tasks based on the individual needs of our clients and our internal business priorities, including but not limited to:

• Independently perform red team services such as network and web application penetration testing.
• Regularly communicate with customers during security engagements.
• Be a multiplier by assisting other Technical Consultants within the Red Team.
• Strong writing and communication skills required.
• Experience with and understanding of enterprise environments.
• Provide technical and strategic recommendations to address issues uncovered in the assessment process with mappings to findings and industry standards.
• Maintain competence in security technology and stay abreast of trending threats and attack vectors.
• Maintain and continuously develop security relevant training and certifications as they align to customer product and service offerings.
• Occasionally assist in presales efforts.
• Other duties as assigned or requested.

The following approaches are necessary:

• Planning: Thinking about solutions holistically, foreseeing possible problems, and envisioning how security solutions will be completed in a high-quality manner while staying within the allotted time.
• Deadline Driven: Willing to work the time required to adequately complete tasks in full.
• Thorough: Conducting each assessment with the goal of testing as much of the customer infrastructure per the agreed upon scope.
• Best Practices: Using official documentation, reliable online resources/books, and personal experience. Staying updated and educated to the development industry is a must.
• Organization and general record keeping: Folder and file organization, date versioning, individual record keeping including time entry, habit of keeping credentials and important details in a safe place and accessible from anywhere.

• Relevant certifications desired (OSCP, PJPT, CEH, CISSP)
• 5 year of demonstrable information security experience
• Experience with various security applications and technology required (BurpSuite, SAST tools, DAST tooling, WAFs, vulnerability scanners, etc.)
• Experience with cloud security preferred (Office365, Azure, AWS)

The desired candidate is versatile and possesses technical skillsets from the multiple discipline areas of our professional services practice areas. Candidates will be considered who do not meet all criteria so long as they possess curiosity and the drive for continuous learning, and innovation in technology.

• Soft Skills
  1. Ability to engage customers, partners, and fellow employees in a manner that is honest, respectful, and clear.
  2. Professionalism with written and verbal communication with a strong focus on customer service.
  3. Ability to context switch frequently.
  4. Ability to prioritize work and meet deadlines under minimal supervision.
  5. Self-motivated with the willingness to constantly learn and innovate.
  6. Comfort with working in a fast-paced and innovative environment, with dedication to seeking the success of customers and the CDI team.
• Cyber Security
  1. In-depth understanding of:
     • information security practices and procedures
     • common security vulnerabilities and vulnerability management practices
     • common attacker playbooks and techniques
     • application security concepts such as SAST, DAST, SBOMs and threat modeling
     • common software development lifecycle techniques and methodologies
     • challenges faced by mature security programs and solutions to remediate
  2. Ability to:
     • design, write, and edit secure software development policies
     • provide consultative services to customers ranging from new to very mature information security programs
     • think outside of the box to thoroughly test customer environments
     • communicate clearly to both technical and non-technical audiences, risks, threats, and vulnerabilities identified during assessments
• Infrastructure
  1. Strong understanding of:
     • common application infrastructure design and implementation
     • operating systems such as Linux, Windows, and Mac

Supervisory Responsibilities: None

Expenses : Yes

Compensation:

$120,000 - $180,000 USD Annual