Date Posted: April 22, 2021
CISSP / Pen Tester
American Fork, UT
Contract / (Moonlighting)
Contract Rate: $85.00 - $100.00 per hour
In this role, you would join the owner and help them determine the weaknesses of their systems by doing Pen testing and risk analysis. Then assist them to fix problems. Ideal candidate will be a CISSP resource to perform the penetration test.
Project details:

Risk Analysis (Identification) - Risk analysis is a process by which an organization addresses risks to the company, enterprise, infrastructure, applications, and more, and the availability, integrity, and confidentiality of each. Typically, it's performed with an analysis of the critical risk as it relates to the ability of the company to function, and the likelihood that the risk might occur. The organization must address these, and set their appetite for each level of risk, and in what kind of a time frame each risk will be addressed and prioritized.

SOC 2 Prep - Helping the client identify where they will find their evidence, identifying what is missing, and how to generate that evidence, which will be a policy, a process, logs, or maybe staff.

Policy Writing - Writing a policy for the general governance of the organization, working with legal, HR, and organization leadership to make sure the policy identifies what a broad instruction and policy will be, and then making sure the policy is practiced at least as is outlined in the policy.

External and Application Penetration Test
- Reconnaissance: The tester gathers as much open-source intelligence about the target as possible (a lot of the basics are provided during the scoping of the test, unless the test is to start completely greenfield, i.e. a black box test).
- Scanning: Scanning tools are used to gain quick insight into points of interest in the target. This is akin to an intruder checking a house for any unlocked doors or windows, checking to see if any vents aren't secured, etc.
- Gaining Access: Any potential vulnerabilities found during the scan are tested for viability, and the tester attempts to get a foothold in the network or application.
- Maintaining Access: Establishing backchannel access, or persistent access.
- Covering Our Tracks: We attempt to erase all evidence of the attack, which frustrates forensic recovery efforts, in the case of a real attack.
An external network test is an assessment of the security of the public-facing network devices.

An application penetration test is a test of the application, no hardware included (other than the web server(s) hosting the application, but they're not a direct target, they're only included if the application somehow grants access to the underlying server).

Internal Penetration Test - An internal network penetration test is assessing the network devices available to trusted employees, simulating an attack from inside the organization.
Be a part of the ConsultNet difference. As a leading national provider of IT staffing and solutions, ConsultNet delivers exceptional services to startup, midmarket and Fortune 1000 companies across North America. Since 1996, we've partnered with clients to create rewarding opportunities for our consultants, successfully building teams that have surefire results.
In the past two years alone, we have placed more than 1,500 consultants in contract, contract-to-hire, or direct placement opportunities. We understand communication is key to finding the right job that matches your skills and career goals. For us, it's not just the work that we do; it's how we do the work. Our breadth of offerings extends to multiple IT positions in major markets throughout the country. See more at www.consultnet.com