Individuals Wanted

We are looking for security-focused penetration testers, engineers, architects, and researchers to join our team. Job duties will include penetration testing, security analysis, security architecture and design, and research into current technologies and attacks.

Responsibilities

• A Penetration Tester must have (or develop) the experience, technical skill, consulting finesse, and management skills required to deliver a broad variety of technically demanding projects, including network penetration test, web application assessments, threat hunting, and more.
• Depending on level, consultants may be expected to act as technical leads on projects and focus on developing skills needed to continue delivering high-quality projects, help colleagues at OccamSec through the act of mentoring, and exhibit technical prowess via research and tool development.
• Some travel may be required, although much of our work can be delivered remotely. We also monitor travel so that no one spends too much time on the road – our goal is to ensure that no one gets burnt out.

Desired Experience / Skills

• Web application and web service testing;
• Network infrastructure penetration testing;
• Mobile application security testing (Android and iOS);
• Able to perform security-focused code review in 2+ programming languages;
• Familiarity with secure configuration of Windows, Linux, and MacOS systems;
• Familiar with cloud platforms such as AWS, Azure, and Google Cloud Platform;
• Familiar with OS intervals, virtualization, or container technologies;
• Able to guide clients through secure design methodologies such as threat modeling and attack surface enumeration;
• Knowledge of hardware and embedded system security;
• Familiarity with cryptography;
• Detailed knowledge of bootloaders, operating systems, and drivers; and
• Ability to perform black-box reverse engineering.

Personal Qualities

• Excellent spoken and written communication skills;
• High level of professionalism;
• Outstanding attention to detail;
• Self-motivated and a demonstrated self-started;
• Highly Dependable; and
• Willingness to travel.

Benefits

• Flexible working hours;
• Competitive health packages;
• Life insurance;
• 401k plan with company contributions
• Maternity and parental leave;
• On-the-job training opportunities; and
• Unlimited vacation.

Responsibilities:

• Assist OccamSec in providing computer security consultation services to corporations and government entities.
  • Visit and consult with our clients as to their design, implementation, and operation of their various computer systems, with an emphasis on risk and security aspects, both preventative and remedial.
  • Perform external and internal “penetration testing” of client systems to identify security vulnerabilities which could be exploited by attackers.
  • This should include both penetration testing and red teaming activities across a variety of technologies including Windows, Unix, common applications and environments (PHP, Oracle, SQL Server, Apache, etc…), and the ability to co-ordinate and lead test teams.
  • Design secure network architectures in-line with client requirements. This may include assisting with RFP processes to identify suitable security controls related to selected technologies.
  • Assist with digital forensics activities for Hawaii-based and remote clients. Typically, this includes: uncover and interpret electronic data, preserve any evidence in its most original form while performing a structured investigation by collecting, identifying, and validating the digital information to reconstruct past events, and provide root cause analysis at client request.
  • Assist with the development of security policies, standards, processes, and procedures for Hawaii-based clients. These will typically adhere to an accepted standard such as ISO27000 series or NIST SP 800 series.
  • Assist with security research into new and emerging technologies and attack methods.
  • Lead and handle incident response and threat hunting. This should include the use of a variety of industry standard tools, the ability to perform analysis with this tool, develop hypotheses, and lead teams in the execution of these tasks. Ideal experience also includes past use of the The Hive, ELK, Splunk or SIEM tools to perform this analysis.
  • Employee will be working remotely/telecommuting but must be physically located within the City and County of Honolulu to be able to visit the offices of our Hawaii based clients who are located in this area.
    Requirements
    • • Bachelor’s Degree in Computer Science or Information Technology (an Associate degree plus 1 year of experience may substitute for a Bachelor’s Degree).
      • Five (5) years of experience in Information Technology Security or related.
      • Must have been certified as Certified Information Systems Security Professional CISSP, GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH) and GIAC Certified Intrusion Analyst (GCIA). (Expired certifications or equivalent are acceptable)
      • Experience in incident response such as review and interpretation of alerts, analysis, and incident management. This also includes comparative analysis of results collected against threats, vulnerabilities, and malicious activities in the wild.
      • Experience providing mitigation based on vulnerabilities according to the client’s production environments and in respect to business needs.
      • Experience developing and reviewing information security documentation based on security standards such as ISO/IEC 27000 series or NIST SP 800 series, and COBIT.
      • Experience identifying security risks and issues within IT projects according to client security standards.
      • Experience with ArcSight SIEM, configuring SIEM correlation rules, interface development, ticketing tools aligned to internal processes to provide incident response capabilities to the SOC team.
      • Experience with commercial DDOS security tools such as Radware DP and Arbor Network TMS.

    Employee will work remotely/telecommute but must be physically located in the City and County of Honolulu.

    Employer will consider any suitable combination of education, training, or experience.