Security Consultant - Philadelphia, PA

BTB Security has a need for an Information Security Consultant within its professional services team. The Security Consultant role is responsible for delivering a myriad of security projects for our clients. Projects include, but are not limited to, penetration testing, application security assessments, vulnerability assessments, as well as custom security projects designed to meet our clients’ needs. The following high-level goals and objectives are expected to be met by the Security Consultant.

  • Excellence in Project Delivery and Client Relationships
    All BTB Security services are designed to forge a trusted partnership with our clients. This comes from ensuring that all security services are delivered with excellence and are executed in a timely manner. Regular communication with clients and BTB management is equally important to ensure that expectations are being met.
  • Technical Expertise in Delivered Services
    The Security Consultant is expected to demonstrate technical expertise when delivering BTB services. Gaps in technical proficiency should be communicated prior to project execution to ensure clients receive expected value. Identified gaps will be used to guide training objectives.
  • Ownership of Unique or Complex Projects
    BTB Security offers a wide breadth of service offerings that range from shorter term assessments to more involved, custom security services. The Security Consultant may be responsible for taking ownership of these projects and client relationships to ensure that unique or complex projects are delivered successfully.
  • Sales Support
    The Security Consultant may be asked to work with the Sales Team to provide BTB Security Sales personnel with expert guidance during the sales process. Support may include advising sales personnel on scoping, validating that the client needs are being met, assisting with the development of statements of work, and identifying additional opportunities.

Required Skills

  • Prior experience as an information security consultant delivering several of the following services:
    • Risk Assessments
    • Penetration Testing
    • Vulnerability Assessments
    • Web Application Security Assessments
    • Compliance Assessments
  • Demonstrable expertise solving real-world security problems, not just security theory
  • Strong understanding of the TCP/IP suite of protocols
    • Difference between TCP and UDP
    • Purpose of a subnet mask
    • Role of TCP and UDP ports in network communication
  • Professional experience with network and systems architecture
    • Network segmentation (e.g., DMZ)
    • Intrusion Detection Systems
    • Web application architecture
    • Active Directory
  • Expert understanding of how major application layer protocols function (e.g., HTTP, SMTP, DNS, Kerberos)
  • Advanced knowledge of categories of malware and how they function (e.g., rootkits, trojans, adware, ransomware)
  • Expertise related to vulnerabilities and attack vectors such as:
    • SQL Injection
    • Brute force attacks
    • Port scans
    • Malware infection vectors
    • Phishing attacks
    • Drive-by/redirection attacks
  • Functional knowledge of programming/scripting (e.g., Perl, Python, Ruby)
  • Comfortable in multiple operating systems (Windows, Linux, Unix, OS X)
  • Be prepared to provide feedback on the following: TWVudGlvbiB0aGlzIGR1cmluZyB0aGUgaW50ZXJ2aWV3IHByb2Nlc3MK

Education / Certifications

  • Bachelor’s Degree or equivalent experience
  • CISSP
  • Optional:
    • CISA / CISM
    • OSCP
    • GSEC
    • Security+

Optional Skills

  • Network traffic analysis skills
  • Incident response
  • Digital forensics