Vacancy expired!
- 10+ Years of Experience in Information Security, Operational Security and/or Related Field
- 5+ Years of Experience in Red Team operations, Penetration Testing, and/or Vulnerability Assessments
- Scripting experience in at least one programming language (e.g. Python, PowerShell, Bash)
- Knowledge of Operational Technologies/Industrial Controls Systems (HMI, PLC/RTU, SCADA, DCS)
- Knowledge of Active Directory concepts, Windows internals
- Knowledge of nix systems
- The candidate should have a general background in Operational Technology, Industrial Control Systems, or SCADA environments.
- Purple Team engagements, assessments, and cooperations
- Physical security assessment experience (lock picking, security system bypass, etc.)
- Database experience (Oracle, MSSQL, MySQL, MongoDB)
- Application fuzzing experience (WSFuzzer, SPIKE, Sulley, etc)
- Reverse engineering experience/knowledge, data obfuscators, or ciphers
- IT Systems & Networking, Mobile, Web Application assessments
- Developing, extending, or modifying exploits, shellcode or exploit tools
- Developing application sin C#, ASP, .NET, ObjectiveC, Go, or Java (J2EE)
- Source code review for control flows and security flaws
- Undergraduate degree in Computer Science, Engineering, or related field
- Penetration Testing Certifications (eg Pentest+, GPEN, GXPN, CEH, LPT, OSCP, or OSCE)
- Industrial Control System Certifications (eg GICSP, GRID, GCIP)
- CISSP and other relevant certifications preferred.
- ICS Vendor Specific Certifications
- ICS / OT Courseware
- 6+ years' experience: Information Security
- The ideal candidate should be a subject matter expert in one or more of the following areas:
- Security Assessments of OT environments
- Penetration Testing, Vulnerability Analysis, or Security Research in OT environments or ICS devices
- Security Engineering of OT environments
- Systems, Network, or Device Administration or Engineering of ICS devices or environments
- Perform internal and external vulnerability assessment and penetration testing of network infrastructure and applications
- Perform well controlled vulnerability exploitation/penetration testing on applications, network protocols, and databases
- Perform network reconnaissance, OSINT, social engineering, and physical security reviews
- Demonstrate advanced understanding of business processes, internal control risk management, IT/OT controls and related standards
- Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
- Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Learn the agency business environment and its risk management approaches
- Seeking a penetration testing specialist to support multiple projects focused on technical Risk Assessments, Vulnerability Analysis, and Proof of Concept Exploitation and Vulnerability Validation within the Operational Technology environment, Industrial Control Systems, and Critical Infrastructure Systems.
- ID: #23552206
- State: New York New york city 10008 New york city USA
- City: New york city
- Salary: USD TBD TBD
- Job type: Contract
- Showed: 2021-11-27
- Deadline: 2022-01-26
- Category: Et cetera