This job posting is archived and no longer available.
Open job postings can be found under Projects.

Penetration Test Consultant (part time)

Posted by PROTEUS EUROPE

Skills sought: Consultant, Client, Network, Linux

Project description

Proteus Europe is searching for a Penetration Test Consultant (part time) for a 36-month contract role based in Brussels, Belgium.

LANGUAGES
- French/Dutch: active knowledge (understanding/speaking/writing technical documentation/reading) of one language and passive knowledge (understanding/reading) of the second one.
- English (understanding/reading/writing technical documentation): active knowledge.

Each Applicant must...
- Provide the possibility to have an interview;
- Agree on undergoing a security screening or provide a clearance if holder of it;
- Sign a non-disclosure agreement (NDA) to guarantee that all information obtained by the tests remains property of the client and will not be disclosed;

Our Client :-
Our client is an international consultancy with a reputation for delivering on projects with their consultancy customers. You will join and be part of their team to ensure this current project is a complete success. The end client is a large financial institution.

Your New role:-

General goal:
The consultant will conduct its mission as member of the Infrastructure and Operations (IO). His/her primary mission will be to validate and enforce the security level on infrastructural components (individually and as part of a global configuration).
The consultancy has a major objective to assure that infrastructure projects are delivered at an appropriate security level. The mission MAY NOT be limited to a theoretical analysis of a configuration/project but MUST include a penetration testing exercise.
The consultant will be able to collect information from the system engineers but operate and report independently from the infrastructure project managers. He/she will get access to systems under explicit control of a system engineer.

As a goal, the consultant will participate in:
(a) Gap analysis and advice: Analyse whether existing infrastructure blocks are correctly secured and configured. Elaborate a gap analysis against policies (where they exist) and against best market practices and recommendations;
(b) Contribute/follow-up: Help with the elaboration of the security analysis and configuration guidelines which is mandatory for each infrastructure project to pass quality approval;
(c) Recommend: Assure that clearer guidelines and tool recommendations will be provided to elaborate a clear quality gate checklist for infrastructure projects;
(d) Present: report to technical IO staff and present the flaws and recommended actions;
The consultant MUST BE able to conduct a penetration test exercise which will be used to further improve the quality deliverable. This will apply to both existing components and new projects.
Infrastructure scope and approach: The scope can be very large and vary from very detailed analysis at product and protocol level (for instance Windows, Linux, and TLS protocol) to global architectural solutions (IAM components within the existing architecture, network segregation, ..)

As such, the company will propose:
a) Maximum two profiles may be proposed. Only the best profile will be withheld in the final evaluation.
b) An overview on the company capability to cover a very broad technology spectrum;

Out of scope: It is NOT within the scope of the consultant to elaborate testing scenarios to monitor the good health of the infrastructure systems. The focus is fully on the quality of the security configuration of the infrastructure components.

All testing and reporting will be done onsite in Brussels.
When requested for a specific infrastructure project:
To be delivered for a particular infrastructure component or project (which can be already in-place or still to deploy):
- Gap-Analysis: Security weaknesses - both at configuration and organizational level - must be identified (for which penetration testing tools MUST be used by the consultant). The consultant will deliver a report on flaws and recommendations on how to improve the security level.

- Contribute/Follow-up: will help with the elaboration of the security document which needs to be validated by the security council before a particular project goes live. He/she will participate in the evaluation discussions to pass the security quality gate;
- Presentation: provide a presentation to internal IT infrastructure professionals to create clear awareness on the security topics and improve their security skills in general;

An indicator for success is when the project is able to pass the security quality gate of the security staff. The latter will conduct its own penetration test before accepting production status.

As part of a request for a lessons learned mission:

- A consolidated report with recommendations on actions which should be included in the infrastructure project life cycle to assure that previously identified flaws would be structurally avoided.

Your Skills and experience:-

Essential Skills:-
Relevance and size of the technical knowledge:
Mandatory technical knowledge on:
- Operating systems (Windows 2012R2, Linux [Red Hat],).
- Knowledge on network technologies and topologies (Ethernet, Wi-Fi, fibre channel, Bluetooth,) and communication protocols.
- Authentication technologies (both user and machine) and mechanisms.
- Cryptographic algorithms (hashing, encryption, digital signing);
- Well-known attacks and techniques to defeat security controls.
- Multi-layered security (defence in depth) principles
- Where to obtain best-practice information to achieve (market) security compliancy;
- How to conduct a security quality screening of an infrastructure component and how to decompose it into a well-structured action plan to tackle the flaws;

Should have very good knowledge
- How building should form a security architecture (understand the global picture);
- Basic usage of Project management tools to help in planning activities;

Useful (technical) knowledge:
- Programming language(s)
- Database systems (SQL, Oracle, )
- Middleware (B2B, WAS, )

(Pragmatic) Methodology knowledge :
- Pragmatic methodologies already used on how to implement a secure infrastructure setup life cycle;

EDUCATION AND EXPERIENCE
The consultant proposed must have extensive professional experience as infrastructure quality tester with focus on the security configuration.

- Security certifications are required, specific penetration testing certifications (GPEN, LPT, CPT, ) are an advantage;
- Provide minimum two anonymised sample reports written by the candidate;
- Provide an overview of which (pragmatic) approach is/was used during previous to cover the mission statement;
- Must have practical experience with penetration testing as basis to provide recommendations and guidelines;
- Must have practical experience with host based auditing and compliancy checking;
- Must have experience with forensics analysis;

Desirable Skills :-
- Hands-on guy : May not be limited to an academic analysis and audit but must have practical hands-on experience;
- Team player and Communicative personality: will need to convince other team players that his/her security gap-analysis is a contribution to the improvement of the infra deliverable and not a break-down of the work done;
- Independent worker: being able to quickly understand a target objective and create its own action plan.
- Presentation skills to convince the field players on the necessity for the recommended actions;
- Discreet.
- Knowledgeable and curious: especially for what is going on in the security market and be an active follower of security knowledge bases.

Proteus Europe operates in partnership with our candidates by building strong and lasting relationships at all levels.

If you apply for this role, we will:

- Contact you within one week to discuss your current situation and suitability for this role.
- Keep searching for other suitable positions should this role not be right for you.
- Keep you informed at every stage of the recruitment process.
- Actively follow up with our client on your behalf to gain useful feedback throughout the process.

If you are looking for a new role, but this role isn't quite right for you, please contact us in confidence for a discussion about how we can help you.

Project details

  • Location: Brussels, Belgium
  • Project start: asap
  • Project duration: 36 months
  • Contract type: Contract
  • Professional experience: Not specified

Required qualifications

PROTEUS EUROPE