Information Security Consultant – Hong Kong

0
878

Job Summary and Mission

The information Security Consultant will participate in a variety of engagements, focusing on targets that may include network equipment, servers, applications, APIs, wireless infrastructures, mobile devices, and other information systems.  Using a variety of tools and techniques that may include red team and social engineering, you will have the opportunity to combine technical expertise with your imagination to discover innovative methods with the goal of ensuring wizlynx group’s customers remain one step ahead of its’ adversaries.  This role will be part of a team of IT security and information security experts, providing excellent services to customers and internal teams

Summary of Key Responsibilities

Responsibilities and essential job functions include, but are not limited to, the following:

  • Collaborate as a participating member of the IT-Security and Information Security team
  • Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, security standards, trends/best practices, offensive techniques, and tools
  • Execute network, web application, wireless and social engineering penetration tests that will vary in level of complexity from simple to potentially complex
  • Author quality penetration test reports with professional documentation of identified and exploited vulnerabilities/weaknesses
  • Provide remediation guidance for findings
  • Serve as a consultant in pre-sales, including assessment of client needs, project scopes and proposal preparations
  • Share all knowledge and training with internal colleagues and teams

Summary of Ideal Experience, Skills, Knowledge, and Abilities

MINIMUM EXPERIENCE

  • Bachelor’s degree, preferably in computer science or information systems, or equivalent work experience.
  • Minimum of five years direct Information Security experience in a security analyst, engineer, architect, consultant or similar role
  • Minimum of three years professional experience in penetration testing
  • Technical knowledge across a broad range of computing platforms and network protocols
  • High proficiency in a variety of operating systems such as Unix/Linux/Mac/Windows operating systems, including bash and PowerShell
  • High proficiency in manual and automated techniques for penetration testing (network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems), as well as executing vulnerability assessments (injection, privilege, escalation, fuzzing, buffer overflows, etc.)
  • Proven professional experience testing web applications for common web application security vulnerabilities as defined by OWASP, including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issues
  • Programming – Python, Perl, Java, Shell Scripting
  • Tools – Proxies, Port Scanners, Vulnerability Scanners, Exploit Frameworks (ex:  Burp, Nessus, Nmap, Metasploit)
  • Strong oral and written communication skills, including a demonstrated ability to prepare quality documentation and presentations for technical and non-technical audiences
  • Certifications such as OSCP, OSCE, CREST, GIAC (GXPN, GWAPT, GPEN, GMOB, GCIH) others are highly desired

LANGUAGE SKILLS

  • Excellent communication skills in English (written and spoken)
  • Additional languages (German, Spanish, French, Mandarin) is a plus

SOFT SKILLS

  • Excellent interpersonal skills, capable to interact with people at all levels; team player
  • Action-oriented and results driven
  • Organized with strong time-management skills
  • Flexible attitude, reliable
  • Customer friendly approach and appearance
  • Willingness to travel
  • Strong problem-solving and analytical skills

Key Performance Indicators / Measures of Success

  • Achieve agreed project targets in terms of quality, time and cost
  • Positive feedback from client
  • Client interest in maintaining wizlynx services for additional project work

Potential Career Development

  • Comprehensive training/certification offered by wizlynx
  • Advancement to senior role

APPLY NOW