The Consultant will report to the Chief Technology Officer and will lead Seiso’s Blue Team and Red Team consulting practices, working both independently and as part of a team to:
Partner with clients to develop a trusted relationship.
Manage successful outcomes by coordinating, leading, and participating on a wide variety of Seiso engagements, such as penetration testing, building mature application security programs, implementing controls to accomplish ISO 27001 certification in a client’s security program, and automating governance activities using open source and custom tooling.
Supervise, lead, mentor, and cross-train teams of both blue team and red team consultants.
Demonstrate and promote a thorough understanding of complex information systems and security standards. Quickly gain a working knowledge of customer’s IT/Security environments through conversations and observations.
Advise technical and non-technical audiences on information security concepts using presentations, reports, code samples, and visualizations.
Perform vulnerability assessments and penetration tests on cloud, wired, wireless, and physical environments, as well as web, mobile, and thick client applications, and leveraging social engineering tactics where appropriate.
Strong project management skills, problem solving/critical thinking skills, and verbal and written communication skills.
Bridge the gap between traditional security teams and developers by advising and applying DevOps concepts to existing security processes, and by integrating security activities into developer tools.
Leverage advanced technology solutions to solve legacy application and infrastructure problems.
Use code to programmatically perform job duties, such as to identify risks and/or automate the identification and response of malicious actions.
Identify and implement TTPs (Tactics, Techniques, and Procedures) to manage security risks.
Create, develop, mature, and contribute to Seiso’s catalog of services and related security frameworks. Act as the service development lead for Seiso’s Catalog of red team and blue team services.
Autonomously contribute to the security community, primarily focused in the areas where Seiso operates.
Support other Seiso engagements, such as those being led by the GRC Team.
Continually research and learn new technologies and techniques through a mix of self-guided and formal training.
Cultivate new and existing client relationships to develop business opportunities for Seiso.
Perform other duties as assigned.
Seiso’s culture has three main tenants:
Seiso: Exemplify our name by being neat, clean, and organized.
Curiosity: Ask questions, think deeply and critically, consistently learn from and teach others, regularly improve and grow.
Be Prepared: Take initiative, be on time and prepared, optimize the use of everybody’s time.
Qualifications and Education Requirements
Ten or more years of experience in Information Security with a focus on protecting companies using both an attacker and defender point of view. Experience engineering applications to be robust and resistant to attack, such as is described in the Rugged Manifesto at https://ruggedsoftware.org/.
Three or more years of experience working with cloud providers such as AWS, Azure, or GCP.
Four or more years of experience working with git, docker, SAST, DAST, and related CI/CD tooling.
Familiarity with common security frameworks and regulations such as SOX, HIPAA, PCI-DSS, GDPR, NIST 800-171, CMMC, ISO 27001/2, and SOC 2.
Experience working with intrusion detection and prevention, network security monitoring, host security and hardening, networking and system administration, cryptography, and/or database administration.
Clear understanding of emerging development trends, including cloud native architectures, DevOps, and microservices.
Maintain a bio that reflects experience across a variety of security focus areas, including a CISSP and OSCP or equivalent training and certification, as well as a track record of extensive security program accomplishments.
Expert knowledge of Operating Systems, including Windows, macOS, and Linux.
Be proficient in at least one programming language such as PowerShell, Python, Ruby, C++, Java, or Golang.
Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.
Telecommuting is allowed.
About Seiso, LLC
Seiso works with companies to organize and simplify their security programs by providing advisory, assessment, and technical services.
At Seiso we strongly believe in structure, organization, and simplicity. We use industry standard frameworks and classification methods to help companies understand and proactively manage risks to their critical functions and the assets that support them.