Full-Time Ethical Hacker

Job Description

We are currently looking for a Certified Ethical Hacker (CEH) to oversee our web security department.

We are primarily a Web Marketing and Design firm, yet due to popular demand, we have started offering Web Security services and now need an expert to manage this area of the business. With a team of off-shore web security consultants, we are looking to hire someone who can work as the liaison between us and the team — giving directions, managing them on a day-to-day basis, and checking their work that the team is performing quality work. You will also do the more complex tasks.

At this point, the majority of the Web Security work performed is completing malware removal and low-level penetration testing of web applications. However, as we have recently decided to invest more time and resources into the Web Security field, we will soon be doing more complex penetration tests, as well as other more in-depth web security.

You need to be experienced in both performing this type of Web Security work, as well as in the business aspect, and can help guide us in the different services we should be offering as we expand, and what each of those services entails. In other words, we need someone who will help us grow the Web Security arm of the company … and will grow with us.

Along with your application, please answer the following questions:

1. How long have you been a hacker?
2. Do you have an Ethical Hacker Certification? When did you receive it?
3. What was the most complicated penetration test you have ever performed, and why?
4. What are the most common security threats that you deal with?
5. How long does it typically take you to clean common Viagra malware on websites?
6. Have you managed other hackers?

Qualifications

One or more of the following certifications strongly preferred: *CEH (Certified Ethical Hacker) or equivalent web/application security testing qualification *CISSP (Certified Information Systems Security Professional) Experience and Skills Required: In-depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework. In depth understanding of secure web application development, Java, Java development frameworks, web services and SOAP. Experience in Web 2.0 (For ex, HTML5, CSS3 and JavaScript MVC frameworks (Angular JS). Comprehensive knowledge of IT and information security. Knowledge of security policies and standards and such as PCI-DSS and ISO 17799, 27001. Knowledge of technical security architectural principles. Able to prioritize workload and drive work to set deadlines. Exposure to methods of promoting security awareness. Strong communication (verbal/written) skills – able to create concise reports of the vulnerabilities and recommended steps in a way that non-technical people can understand Anticipates problems and identifies long-term implications of decisions and actions. Ability to lead a team of hackers Other desirable technical certifications: GIAC ethical hacker, GIAC Certified Web Application Defender, GIAC Web Application Penetration Tester ITIL certification or experience of working within an ITIL-oriented organization.

Additional Information

We are growing fast and need motivated and hard-working people to grow with us.