• Penetration Testing Senior Consultant

    Job Locations US-Nationwide
    Posted Date 2 months ago(6/28/2019 4:50 PM)
    # of Openings
    Security and Privacy Consulting
  • Overview

    Focal Point Data Risk is a new type of risk management firm, one that delivers a unified approach to addressing data risk through a unique combination of service offerings. Focal Point has brought together industry-leading expertise in cyber security, identity governance and access management, data privacy and analytics, internal audit, and hands-on training services, giving companies everything, they need to plan and develop effective risk and security programs. By integrating these services, we provide our clients with the flexible support they need to protect and leverage data across any part of their organization. Simply put, Focal Point is the next generation of risk management.


    The ideal candidate will possess a broad skill set and have the capacity for learning required to sustain our client engagements. The responsibilities that you will be given will make the most of your strengths and challenge you to develop even further in a supportive, team-focused atmosphere.



    • Configure, run, and monitor automated security testing tools
    • Perform manual validation of vulnerabilities
    • Perform manual penetration testing of client systems, web sites, and networks to identify and exploit vulnerabilities
    • Thoroughly document exploit chain/proof of concept scenarios for client consumption
    • Work successfully from home office environment
    • Perform overnight work as necessary (less than 10%)
    • Work onsite and at client locations as necessary




    • Familiarity with vulnerability assessment and penetration best practices
    • Experience with vulnerability and penetration testing techniques and tools
    • 2 or more years of hands-on penetration testing experience
    • Programming experience in Python, PHP, Perl, Ruby, .NET, or other interpreted or compiled languages 
    • Currently has or desires to obtain one or more security-related certifications, such as Certified Information Systems Security Professional (CISSP), GIAC Penetration Tester (GPEN), GIAC Certified Incident Handler (GCEH), Offensive Security Certified Expert (OSCE), and Offensive Security Certified Professional (OSCP)



    The ideal candidate should possess a detailed knowledge of one or more of the following technologies:

    • Security testing tools including Metasploit, Nmap, Nessus, Burp Suite, or equivalents
    • Linux operating systems
    • Microsoft technologies
    • Mobile application programming and/or security testing
    • Wireless technologies
    • Web application technologies
    • Network implementation (operational and security)
    • Telephony technologies (analog and IP)
    • Social engineering
    • Physical security
    • Source code analysis software
    • Intermediate to advanced Microsoft Office Suite (i.e., Word, Excel, PowerPoint) 



    • A degree or certificate in management information systems, mathematics, computer science or related field or 2-3 years of relevant information security experience


    TRAVEL REQUIRED: Travel up to 20%


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed