Role Summary/Purpose

The CBTS Security practice exists to improve the maturity of our customers' information security programs. To that end, he Information Security Consultant will be responsible for providing world-class security consulting services to CBTS and OnX Canada customers. The consultant will use experience with security technologies and IT operations, knowledge of accepted standards and best practices, and proven tactics against sophisticated attackers, to help CBTS customers defend their critical systems and sensitive data. The Consultant will also perform penetration testing engagements, simulating cyberattacks against customer networks, web and mobile applications, and employees, using social engineering and phishing tactics. The Consultant will design, execute, and report findings to customers, in a way that contributes substantial value to their security programs.

Essential Functions/Responsibilities

• Perform “friendly” security assessments for CBTS customers. While working with customer technical and executive staff, review the state of various technical and organizational controls processes, and policies. Perform gap analysis, comparing state to widely accepted best practices from vendors, regulatory and compliance bodies, and the security community at large. Document these gaps, along with sensible and relevant recommendations, in findings reports that satisfy the needs of both a technical and non-technical audience. 15%

• Perform vulnerability scans/assessments and penetration tests of CBTS customer environments and controls. Using expertise in operation of commercial and open-source assessment tools, identify configuration flaws, missing patches, and gaps in defenses that could be exploited by attackers. Assessment types will include social engineering and phishing, mobile device, and web application penetration tests. 60%

• Perform pre-sales work. Discuss security and compliance needs with customers, and identify services that help meet those needs. Work with security sales specialists to design engagements for customers. Craft detailed proposals that effectively communicate expectations to customers. 5%

• Perform security research, furthering individual and team understanding of the threat landscape, as well as cutting-edge security technologies. Attend security conferences and participate in local security community events. Evaluate products and tools that can improve the security services team's offerings, and provide value to customers. 10%

• Perform operational management of CBTS Security Services tools and infrastructure. This includes management of lab and virtual/hosted networks, servers, and endpoint systems, as well as the operating systems and software in use for day-to-day consulting work and for evaluation/testing purposes. 10%

Qualifications / Requirements

• Due to regulations pertaining to the nature of this work, the employee must be a Canadian citizen.

• 4-year degree in Computer Science or a related technical degree, or minimum of 7 years of IT experience.

• 1-2 years of experience in the information security field

• Security certifications – CISSP, GSEC, CEH, GPEN, OSCP, Pentest+, GWAPT, OWASP Certification

• Strong understanding of information security principles

• Strong understanding of enterprise applications and platforms (web and application servers, messaging, database)

• Strong understanding of enterprise operating systems (Windows servers and workstations, Linux/UNIX, Mac OS X)

• Strong understanding of network communications (TCP/IP, Ethernet, WAN/LAN technologies)

• Experience in enterprise network design and architecture

• Strong oral and written communication skills.

Desired

• Hands-on experience with modern security technologies, e.g. app whitelisting, log management/SIEM, DLP, encryption, endpoint defense, malware sandboxing/dynamic analysis, perimeter defense

• Experience with various security assessment tools, such as Nessus, Nexpose, Metasploit, Burp Suite Pro, and the collection of tools included in the Kali Linux pentesting suite.

• Experience performing technical training and instruction

• Experience with public speaking and presentation on technical topics

• Strong creative writing skills – provide examples of whitepapers, blog posts, technical presentation material if available