Security Consultant 124562BR

Recruiter
Raytheon U.K.
Location
Home Based
Posted
12 Oct 2018
Closes
11 Nov 2018
Ref
124562BR
Discipline
Other, Scientific, Systems

Business Role:
Raytheon UK Advanced Cyber Solutions (ACS), in partnership with Raytheon Cyber (RC) in the US, is a growing managed cyber security service provider (MSSP). Raytheon UK ACS provides high-end virtual security operations centres (V-SOCs), Managed Detection & Response (MDR) service solutions and cybersecurity professional services. It excels at providing strong computer network defence solutions, including advanced security monitoring and cyber “hunting” capabilities.

At the core of the business is the virtual security operations centre (V-SOC) capability, through which Raytheon delivers high end threat analysis and hunting. Raytheon’s professional services (PS) also include consulting, incident response and forensics. This tiered service approach is tailored to customer needs, to help improve security and reduce risks.

Role:
Execution of Professional Services delivery in the form of penetration testing and red team assessments of customer enterprise, identification of vulnerabilities and recommendation of corrective action. The role will be hands-on working on customer sites, home-based or on Raytheon sites. Consultants will conduct analysis, research and vulnerability assessments of customer enterprises across the spectrum, from social engineering (including physical access) to technological compromise of devices and networks.

The Security Consultant will deliver end-to-endpenetration testing and red team engagements Red Teaming engagements which may include social engineering, infrastructure, web application and IoT attack scenarios. In addition to being technically proficient within the realms of offensive red teaming, the Security Consultant will also possess a solid understanding of mitigation and defensive controls which can be articulated to Raytheon UK’s clients.

Reporting to the Team Leader, a Consultant will have a passion for cyber research and uncovering the unknown about security threats and threat actors. These Consultants will become the face of Advanced Cyber Solutions, working at the cutting edge of Cyber Security.

Key Tasks:

  • Perform Professional Services Red Team engagements
  • Deliver penetration testing & vulnerability assessments of web application and infrastructure environments
  • Write full and accurate reports based on the findings of each engagement, providing tailored remediation advice to increase client security
  • Research and continually evolve the Raytheon Professional Services offering
  • Support the Lead Consultant with Red Team tooling and infrastructure development to facilitate successful client engagements including COTS products and self-developed exploitation tools
  • Utilise and develop the Red Team methodology and innovate techniques and tools to further enhance the Raytheon Professional Services offering
  • Keep up to date with the latest IT Security issues, tools, techniques and procedures (TTP) to ensure the PS team successfully increases client cyber security maturity through emulation of these TTPs to assess cyber risk
  • Where required, support business development teams with technical support during later phases of solution design.
  • This role will requier international travel to customer sites.


Skills/Attributes:
Consultants will have

  • Delivered technical Red Team or penetration testing cyber security assessments and/or have designed methodologies and processes for these engagements
  • As good working knowledge of security in the following areas: Windows Active Directory, Web application security and vulnerabilities, NIPS and HIPS, File Integrity Monitoring, Firewalls DLP, 2FA, Certificates, Wireless, Network Policy Management, Firewalls, IPS, AAA, routers/switches, physical security, social engineering, Citrix and Virtualisation etc
  • Demonstrated knowledge of Linux/UNIX & Windows operating systems
  • A detailed understanding of the TCP/IP networking stack & network technologies
  • Detailed cyber security knowledgeable and an in-depth understanding of business risk and cyber security service delivery


Experience:

  • Essential:
    • At least 2 years of experience in performing small to medium-sized PS engagements and/or penetration tests Demonstrably strong skills and evidence of delivery in some of the following security domains:
      • Red Team engagements (including cyber evasion and physical access techniques)
      • Social engineering (including phishing and/or vishing)
      • OSINT analysis and assessments
      • Infrastructure penetration testing
      • Web application penetration testing
      •  Experience with security tools such as Nmap, Metasploit, Kali Linux, Nessus, Burp Suite Pro etc. as well as other commercial or self-developed tools
      • Strong attention to detail in reviewing own work to ensure accurate service delivery and analytic output

Desirable:

  • Ability to explain technical concepts and findings to senior, non-technical stakeholders in a business risk orientated language
  • Experience in a common scripting language such as python, ruby, bash
  • Tool development experience as part of a Red Team engagement
  • Knowledge of a programming language
  • Experience speaking at conferences and involvement in the wider information security community
  • Technical writing including the publication of technical whitepapers
  • Experience in delivering services or service within government agencies
  • Experience within finance, insurance or critical national infrastructure sectors

Training:

  • Training will be provided in the latest RC methods and approaches to enhance existing PS skills but it is expected that Consultants will be experienced practitioners in Cyber Security Professional Services delivery

Certifications:

  • Essential:
    • CREST CRT or equivalent level of IT security related certification
    • Bachelor of Science degree in Computer Science, Computer Security or a related technical field or equivalent professional experience
    Desirable:
    • CREST CCT, OCSP

Similar jobs

Similar jobs