Risk Consulting Associate - Offensive Security

• Consulting processtoolsand methods

• Client engagement economics

• Presentation and business writing skills

• Time management and project delivery

• Communication skills

Examples of candidates responsibilities include:

• Assess security of client networks hosts and applications

• Determinetechnical business impact and likelihood of identified security issues andprovideremediation guidance to clients

• Perform analysis and testing to verify the strengths and weaknesses of mobile and web applications and web services (SOAP WSDL UDDI)

• Perform Internet penetration testing usingblackboxandwhiteboxmethodologies

• Review application code system configurations and device configurations using manual and automated techniques

• Measure and report clients compliance with established industry or government requirements

• Identifyleaked client data on open and closed (Deep and Dark Web) sources

• Perform analytical investigations into specific threat actors ransomware and campaigns

• Communicate technical findings to a nontechnical audience effectively

• Create and review threat intelligence programs for clients using established intelligence models

• Work withRSMconsulting professionals with a variety of credentials including Certified Ethical Hacker (CEH) Certified Information Systems Security Professionals (CISSP); Certified Information Systems Auditor (CISA)Certified Information Security Manager (CISM) Certified Threat Intelligence Analyst (CTIA

Basic Qualifications:

• MinimumB.A. or B.S. degree or equivalent from an accredited university by the time employmentcommenceswith a major inComputer Science Information Technology Information Systems Management Information Security intelligence digital forensicscybersecurityor other similar degrees

• Technical background in computer science andcybersecurityrelated fields

• Strong knowledgeof computernetwork technologies protocols/topologies digital forensics and endpoint protection or threat intelligence

• Software development programming and/or scripting experience (Perl Python C Java PHP ASP etc.

• Ability to track threat actors across Dark Web criminal forums and marketplaces and ability to communicate findings

• Ability to track malware campaigns and understand adversarial activity from an intelligence perspective

• Basic understanding ofintelligenceincluding intelligence lifecycle Chain Diamond model and Priority Intelligence Requirements

• Proventrack recordof an analytical and curious mindset in problem solving

• The ability to interpret and convey technical information through written and oral communications to all levels of technical aptitude including senior management

• High degree of integrity and confidentiality as well as ability to adhere to company policies and best practices

• Possess a strong internal drive and motivation for continuous improvement

• A minimum 3.0 GPA is preferred

Preferred Qualifications:

• Practical handson or lab experience with IT infrastructure components such as servers firewalls IDS systems and other network infrastructure components

• Practical handson or labexperience withsecurity applications such as aAppScanMetasploitBurbSuite Nessus Social Engineering Toolkit Kali Linux etc. or other commercial and public domain security tools

• Operating system configuration and security experience (HPUX Linux Solaris AIX etc.

• Configuration and security experience with web servers and web applications (Apache HTTP/Tomcat Microsoft IIS Sun One OracleiPlanet IBM WebSphere etc.

• Database Configuration and Security experience (MySQL Microsoft SQL IBM DB2 Sybase Oracle etc.

• Familiar with security testing techniques such as network discovery port and service identification vulnerability scanning network sniffing fuzzing penetration testing configuration reviewsfirewallrule reviews social engineering wireless penetration testing and password cracking

• Internshipor overallexperience with threat intelligence vendor or familiarity with various threat intelligence tools and platforms