Overview
Offensive Security Consultant candidates are motivated offensive security professionals, often with 2-5 years of pen testing experience not counting previous IT experience. The primary role of an Offensive Security Consultant is to perform External Network Penetration Tests as well as Application Penetration Tests against web applications, mobile applications, and web services. Security Consultants are expected to execute the appropriate testing methodology, identify risk at a level commensurate with the company bar, perform punctually, clearly document findings for multiple audiences, and demonstrate outstanding customer service skills.
Responsibilities
- Deliver Application Penetration Tests against web apps, mobile apps, web services, and fat-clients
- Security Consultants who have proven adept at application penetration testing will perform small to medium-sized Network Penetration Tests.
- Communicate with customers in a friendly manner, quickly and clearly, and with great accuracy during kickoff and scoping calls
- Communicate with customers during assessment status updates and ongoing project communication
- Communicate with customers during report delivery
- Communicate with customers during wrap-up meetings
- Communicate with customers during non-billable events such as lunches, conferences, and meetups
- Work towards professional-level certs such as the OSCP if they have not already been achieved
- Assist in enhancing various company methodologies and other documentation
- Work with project management to enhance the company's overall efficiency
- Assist peers in identifying and exploiting issues during assessments
- Demonstrate excellent writing skills both during email correspondence and report creation
- Prioritize findings based on perceived risk, using existing knowledge of clients' business to ascertain finding severity
- Lead by example in behavior, work ethic, and punctuality
- Interpret and obey any applicable customer testing restrictions based on scope and kickoff calls
- Utilize non-billable time to work on company-directed internal projects
- Develop and own an area of expertise (e.g., web services, SQL injection, mobile apps, PowerShell, reporting, Java, XXE skills)
- Contribute to company methodology and vulnerability repositories
Qualifications
- 2+ years' full-time penetration testing experience
- Full familiarity with OWASP top 10, SANS top 25
- Applicants with common industry certifications such as OSCP, OSCE, SANS, CREST, and similar will be preferred
- Applicants with public disclosure track record will be preferred
- Excellent communication skills in written, verbal, and in-person formats
- High-level knowledge of common platforms and their vulnerabilities
- BurpSuite expert
- Ability to configure working login macros
- Use Repeater and Intruder to manually find flaws
- Use Scanner in an appropriate manner to automatically find flaws
- Quickly eliminate false positives based on intuition and response content
- Kali Linux
- GitHub
- Research capability to search for flaws in fingerprinted services / components and to find exploits
- Ability to alter existing exploits so they apply to different assessment targets
About Us
Konica Minolta Business Solutions is a global company that partners with clients to support digital transformation through its Intelligent Connected Workplace portfolio. The business technology offerings include IT services, information management, video security solutions and managed print services, as well as office technology and industrial and commercial print solutions. For more information, please visit Konica Minolta online and follow the company on social platforms.
Konica Minolta operates on a North American Shared Services model, aligning cross-border priorities and enhancing delivery to its field organization, with resources to support sales administration, logistics and supply chain, marketing, product planning, finance, IT, HR and legal.
EOE Statement: Konica Minolta is an equal opportunity employer. We consider all qualified applicants for employment without regard to race, color, religion, national origin, sex, pregnancy, age, sexual orientation, gender identity, disability, veteran status or any other characteristic protected by applicable law.