Consultant Penetration Testing
About CoalfireCoalfire is on a mission to make the world a safer place by solving our clients’ toughest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.But that’s not who we are – that’s just what we do.We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. And we’re growing fast.We’re looking for a Consultant to support our Threat & Vulnerability Management team.Position SummaryLeading cloud infrastructure providers, SaaS providers, and enterprises turn to Coalfire for help solving their toughest cybersecurity problems. Through the combination of extensive cloud expertise, technology, and innovative and holistic approaches, Coalfire empowers clients to achieve their business objectives, use security and compliance to their advantage, and fuel their continued success. Coalfire has been a cybersecurity thought leader for 20 years and has offices throughout the United States and Europe.
What You'll Do
- As a Consultant, you will regularly interact with peers and clients as both a lead auditor and assessor, depending on the engagement. You will audit information systems with confidence and accuracy to ensure the integrity and effectiveness of security measures. You’ll test technical controls, policies and procedures, laws, regulations, and industry best practices.
- Advises clients on technical security or compliance activities
- Manages priorities and tasks to achieve delivery utilization targets.
- Operates with professionalism both internally and with clients.
- Ensures quality products and services are delivered on time.
- Continues to develop professional skills with relevant industry specific certifications. Maintains strong depth of knowledge in the practice area.
- Collaborates with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables. Working independently and collaboratively with a team to support the following work activities where skills apply:
- Internal and External Network Penetration Testing
- Application Penetration Testing (Browser-based, API, Mobile)
- Cloud Solution Penetration Testing
- Social Engineering
- Wireless Assessments
What You'll Bring
- Bachelor's degree (four-year college or university) or equivalent combination of education and work experience
- 3+ years experience in information security with web application and network penetration testing experience
- Hands-on experience with two or more scripting languages such as Python, Powershell, Shell, or Ruby
- Experience with one or more IT security compliance frameworks, such as PCI, FISMA, HIPAA, FEDRAMP, or HITRUST
- One to three (1-3) years of experience in an IT Security Audit and/or Compliance role
- Experience or knowledge of IT security risk assessments and gap analysis
- Experience interacting with management in a consultative manner
- Strong IT understanding with respect to networks, servers, workstations, and applications
- Excellent communication and presentation skills
- Ability to travel up to 20%
Bonus Points
- Deep experience engaging clientele in consulting-related environments
- Experience leading or participating in Red Team engagements
- Reverse engineering malware, data obfuscators, or ciphers
- An aptitude for technical writing, including assessment reports, presentations, and operating procedures
- Strong understanding of security principles, policies, and industry best practices