
CDW is an equal opportunity/affirmative action employer committed to a diverse and inclusive workplace.
If you need assistance in applying for a position, please complete our accommodation request form.

Senior Security Consultant – Threat Assessment - Sirius at CDW Careers

Job ID: 22000273
Focus Area: Project Management
Date Posted: May 18, 2022
Location: Remote, Remote
Employment Type: Full-Time


Sirius Computer Solutions is a CDW company. We share common values as a performance-driven, customer-focused culture. CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers across the globe. 

The Senior Security Consultant will perform project execution and report preparation activities and findings in support of client engagements. The Senior Security Consultant will provide expertise in support of the sales organization and be expected to contribute to practice development by way of process improvements and assistance with new offering development.  

 

Primary Duties & Responsibilities 

  • Provides sales team with technical and security expertise in support of business development activities. Participates in sales calls, helps scope projects, provides pricing estimates and creates pre- and post-sales documentation.   
  • Receives work assignments and timelines from the Project Manager. Communicates with the Project Manager to keep the PM up to date on project status.   
  • Provides clients with consulting services during a contracted engagement. Works within area(s) of expertise (e.g., penetration testing, social engineering testing, framework compliance, etc.). 
  • Conducts penetration testing of web and mobile applications. Candidate should be able to perform manual exploitation of identified vulnerabilities.
  • Ability to recognize, explain, document and report vulnerabilities and exploits, describing remediation activities, with the ability to effectively communicate the results, in both technical and layman terms, to the appropriate audience. 
  • Executes compliance initiatives including third-party reviews, regulatory reviews and due diligence initiatives.  
  • Reviews all findings and recommendations and works with assessment team to determine appropriate actions  
  • Understands and identifies business processes specific to the client's environment and the appropriate risk management practices. Makes recommendations for improvement of processes and controls  
  • Creates and presents clients with reports detailing methodology, findings, recommendations and remediation activities to increase security within the target environment  
  • Builds focused relationships with clients to identify business challenges  
  • Makes recommendations to solve client problems  
  • Directly interacts with clients, sales team, managers and other technical team members to identify, develop, and obtain complete information for solutions including hardware, software and services, and scope statement and level of effort 
  • Documents completed technical work for clients  
  • Maintains technical specifications throughout a project  
  • Contributes to and develops best practices, strategies, methodologies and documentation/templates suitable for reuse by other Consultants and Analysts  
  • Achieves high level of Client Satisfaction on all consulting engagements by executing to achieve client project expectations  
  • Develops strong client relationships and trust to secure future business  
  • Reviews and understands all assigned Statement of Work (SOW) obligations prior to services delivery  
  • Maintains accountability to work estimates and project financials  
  • Provides technical perspective to ensure a realistic estimation of scope, cost and level of effort for proposal generation  
  • Serves as a point of contact to the client for technical issues and status  
  • Mentors less senior personnel and serves as escalation point for their technical related project issues  
  • As needed, steps into team leadership roles and empowers others to increase contribution and level of responsibility  
  • Complies with all time compliance and time entry guidelines  
  • Meets billable utilization targets  
  • Training/Certifications – Engages in professional development, including obtaining industry-related certifications as directed by management, to maintain continued growth in professional skills and knowledge  
  • Administrative Overhead – Responds to email and phone calls, and completes time cards, expense reports and status reports in a timely manner as required  
  • Performs other duties as necessary 

Basic Qualifications

  • Bachelor’s Degree in Telecommunications, Engineering, Computer Science, Management Information Systems, or a related field  
  • At least five (5) years Information Technology work experience with one or more Security solutions in the Sirius portfolio, to include:   
    • At least three (3) years IT experience performing network penetration testing, social engineering testing, or vulnerability assessments 

Other Position Requirements

  • Ability to think creatively when dealing with complex situations and attempting to manipulate and break applications 
  • Demonstrated understanding of the OWASP Top 10 and experience in discovering, verifying, and exploiting these vulnerabilities. 
  • Demonstrated knowledge of and ability to create Proof-of-Concept exploits for the following vulnerabilities: 
    • XML External Entity (XXE) Processing 
    • Cross-Site Scripting (XSS) 
    • Injection style vulnerabilities such as SQL Injection (SQLi) 
  • Ability to discuss vectors for sensitive data exposure within various web application frameworks 
  • Must be proficient with Burp Suite Professional 
  • Demonstrated knowledge of Page Controller and Model View Controller design/architecture and the difference in approach required for testing 
  • Demonstrated knowledge of the common approaches to remediating the OWASP Top 10 
  • Demonstrated knowledge of the OWASP Application Security Verification Standards (ASVS) 
  • A working knowledge of Secure SDLC best practices 
  • Experience with programming or scripting languages such as Python, PowerShell, Bash, Ruby, Java, XML, SOAP, JSON, AJAX, etc. 
  • Experience with exploitation of vulnerabilities identified through the course of testing 
  • Proven TCP/IP and packet analysis skills 
  • Ability to create project reports that convey complex, technical information in a way clients can understand 
  • Demonstrated communication and presentation skills, to include the ability to effectively work with clients in a consulting environment     
  • Demonstrated ability to manage multiple projects and timelines 
  • Demonstrated ability to perform technical skills/knowledge transfer to client 
  • Knowledge of emerging security technologies, software, and methodologies 
  • Demonstrated ability to collaborate effectively with a wide variety of client and Sirius team members, including management and technical staff  
  • Demonstrated ability to investigate complex problems where analysis of situations or data requires an in-depth evaluation of variable factors from multiple IT solutions and/or disciplines  
  • Demonstrated understanding of core business functions of a typical company, and ability to employ step by step logic to solve business problems  
  • Experience as a member of a technical project team, from design through delivery  
  • Experience troubleshooting and identifying potential problems and making appropriate changes as necessary  
  • Experience creating technical documentation  
  • Demonstrated ability to work with wide variety of client staff including management and technical staff  
  • Demonstrated ability to provide guidance and leadership to less experienced technical team members, including delegating technical tasks, and at times resolving issues of poor technical execution without escalation 
  • Demonstrated presentation and communication skills, including effectively communicating one-on-one, and in small and large groups, using a variety of presentation methods to sustain the audiences’ engagement  
  • Demonstrated time management and organizational skills; ability to handle multiple tasks simultaneously  
  • Demonstrated ability to establish positive working relationships and conduct complex and important work critical to the organization in a team consulting environment 

Preferred Qualifications:   

  • Consulting experience 
  • Experience as a developer and proficiency with .NET or Java 
  • A demonstrated understanding of Web Application development  
  • Significant experience in development program creation and refinement 
  • Experience with secure coding best practices in .NET or Java 
  • Experience performing Secure Code Reviews 
  • Offensive Security Web Expert (OSWE) Certification 
  • Offensive Security Certified Professional (OSCP) Certification 
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Certification 
  • GIAC Penetration Tester (GPEN) Certification 
  • GIAC Web Application Penetration Tester (GWAPT) Certification 
  • ISC2 Certified Information Systems Security Professional 
  • Experience or willingness to perform public speaking 
  • Knowledge of emerging security technologies, software, and methodologies 

Data Privacy and Security:   

  • All Sirius employees are responsible to safeguard the information and information systems that they use or handle in the execution of their duties. Employees are obligated to know and perform their duties in accordance with Sirius policies, standards, and procedures related to security and report security violations to the appropriate Sirius authority. 
  • Participate at hire and annually in the Information Security Awareness training as well as other required training identified by the Human Resources department.  Other data privacy and data security related regulatory training may be required based on your role or assignment. 

Essential Functions 
The position exists to provide technical consulting solutions to customers and as such requires the ability to travel to and from customer sites and interact with customers on an ongoing and regular basis.   

The above primary duties, responsibilities, and position requirements are not all inclusive. 


COVID-19 Update:
CDW is committed to maintaining a workplace that is free of known hazards and to ensuring the safety, health, and well-being of coworkers and candidates for employment and their families, as well as the community.

CDW requires all coworkers be fully vaccinated against COVID-19, with the only exceptions being a documented, legally required medical or religious accommodation.  Prior to starting with CDW, successful candidates will be required to: (i) be fully vaccinated against COVID-19 and provide CDW with proof of full vaccination; or (ii) apply for and receive a medical or religious-based accommodation to be exempt from the mandatory vaccination policy.

 