Integrity Technology Systems, Inc. Information Security Consultant (Penetration Tester) in Ankeny, Iowa
This role will have a technical focus on penetration testing of network infrastructure and web applications, social engineering and digital investigations.
Perform vulnerability, penetration testing, and social engineering assessments. Including infrastructure and web application assessments as well as phishing, pre-texting, and physical entry engagements.
Audit, test, or review system architecture for compliance with best practices and/or regulatory requirements. Review and recommend technical, administrative and physical controls to mitigate identified risk.
Assist with client incident response and digital forensics. Develop internal processes and procedures around these areas.
Assist information security consultants with review or analysis of technical projects and troubleshooting.
Assist with SIEM analysis and incident review. Develop additional MSSP enhancements to aid in the detection of advanced threats.
Assist sales efforts by supporting initial scoping conversations and performing needs analyses to help drive business development efforts. Identify additional opportunities within existing client base and work with client to expand usage of Integrity’s service portfolio.
Contribute to marketing activities by writing social media updates and blog postings covering technical topics and attending trade shows, conferences, and professional association chapter meetings.
Skills and Qualifications
Demonstrated experience finding and exploiting vulnerabilities with network infrastructure, web applications and database systems.
Experience with vulnerability scanning and penetration testing tools and techniques.
Familiarity with regulatory/compliance requirements (e.g., PCI, HIPAA, SOX), information security frameworks and controls (e.g., NIST, ISO, CoBIT).
Strong attention to detail and ability to document findings and convey information.
Ability to manage project deliverables and deadlines.
Demonstrated experience reviewing and recommending appropriate technical, administrative, and physical controls.
Ability to identify and evaluate risk to IT systems and communicate risks to management.
Demonstrated experience selecting and implementing appropriate risk mitigation strategies to ensure IT systems remain within established risk tolerance levels.
Ability to clearly communicate with co-workers, management, clients and vendors.
Maintain a professional appearance and vocabulary.
- Professional Certification - (e.g., OSCP, GWPEN, GPEN, CEH) at least one certification will be required within 6 months of employment.
- Ability to travel nationally or internationally. Less than 10% travel is expected for this position.