NST is a unique consulting company that takes a comprehensive and holistic approach to security and network consulting. With a client base of energy sector and Fortune 1000 companies, N&ST offers a modular and sequential set of consulting offerings that span the full information technology lifecycle. Founded in 2003, NST is a privately held company, incorporated in the state of New York.
NST is seeking a Security Consultant – Penetration Tester to work with clients to solve their mission critical security problems by testing and analyzing systems and applications in order to identify security flaws in architecture and configuration. Additionally the candidate will review network, system, and application architecture and strategies to assist clients in developing and maintaining a strong enterprise-wide information security posture. The candidate should have a strong understanding of the role of security within the enterprise environment, plus experience with penetration testing, social engineering, virus detection and associated propagation methods, and security issues of commonly used programming languages. Experience with cyber security compliance standards, such as NERC CIP, HIPAA, or PCI, and with security guidelines, such as ISO 2700x, is preferred.
The qualified candidate will work primarily in a supervised capacity and will have the opportunity to learn while on the job. The candidate must be self-driven, team focused and intellectually curious to succeed in this role.
Expected knowledge of cyber security testing methods and tools, and system hardening ability, including the following:
• Penetration testing tools and forms of attack and associated tools (nmap, Nessus, Metasploit) for network-based testing
• Hacker exploit scripts/programs to test whether vendor/developer patches operate as intended and fix the identified vulnerability or identify the malicious code
• Network traffic monitoring tools (Wireshark)
• Network protocols (TCP/IP) and associated services (DNS, HTTP/S)
• Firewall configuration (Cisco, Check Point, SonicWall, Juniper, Fortigate)
• Operating system and firmware security settings (Linux, Microsoft, Cisco IOS and NX-OS)
• Network, system, and application security testing, source code reviews, wireless network assessments, and/or social-engineering assessments
• Vulnerability assessments against common cyber security standards and/or guidelines
• Written comprehensive and accurate reports and presentations for both technical and executive audiences
• Safe utilization of attacker tools, tactics, and/or procedures
• Development of security-related scripts, tools, and/or methodologies
• Bachelor's degree in a technical field
• Strong communication skills – written, presentation, verbal - with the ability to effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Professional, solutions-based 'team player' attitude
• Willingness to travel
• Must be eligible to work in the US without sponsorship
NST is an equal opportunity employer.