The role of a Security Consultant at Abricto Security is a hands-on practical position which regularly interacts with other security consultants. This position requires previous penetration testing or equivalent security domain knowledge. Previous system administrators or web developers have produced some of the best security consultants we’ve seen. We coach our consultants to become the best-in-class engineers our clients expect.
What you’ll be doing:
- Conducting penetration testing for our customer’s web applications, networks, IoT devices and more.
- Reviewing customer’s enterprise or product security architectures for misconfigurations, omissions or other vulnerabilities.
- Composing detailed findings reports to communicate security findings, risk severities and remediation actions.
- Debriefing customers on assessment findings and providing remediation recommendations.
- Scripting or programming new tools to improve processes and procedures.
- Actively learning about new tools and techniques to strengthen our security assessments and services.
- Writing technical blog posts detailing research you’ve done or sharing your professional experiences.
- Collaborating with team members to share ideas and learn new skill sets.
- Working as part of a larger team to deliver both remote and on-site assessments when needed.
What you’ll bring to the team:
- Strong communication skills, be able to communicate effectively both verbally and written.
- Nice to have certifications include OSCP, OSCE, CISSP, CSSLP and others.
- Bachelor’s degree or equivalent work experience.
- Experience providing security guidance for popular programming languages and frameworks (e.g. Java, Python, C#, Go, Swift, Ruby).
- Cloud experience for AWS, Azure or GCP.
- Fluent in Mac, Linux, and Windows operating systems.
- At least 2 years of prior penetration testing experience.
- Experience debriefing technical teams on penetration test findings.
- Embracing our “You First” attitude, understanding that our customer-centric approach is what sets us apart.
- Contributions and participation in the security community.
- GitHub repositories.
- Prior security conference speaking experience.
- Developed or maintained security tools.
- Published CVEs.
- Participation in CTFs.