Senior Consultant - Cyber Security

As part of our Cyber Technology Consulting team, you will be performing managed or ad-hoc vulnerability assessment and penetration testing for various clients across the Jordan region. Working with Cyber Technology consulting team, you will also perform application security assessments, code & architecture reviews, threat modelling, configuration audit, AD assessments, social engineering assessments, red/purple teaming etc. The client base spans across various sectors and includes collaboration with other teams within Advisory services.

The opportunity

We’re looking for a Senior Consultant with real hands-on expertise in Generative AI expertise to join our cyber security team consulting team. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of our service offering.

Your key responsibilities

• Perform end-to-end project execution for end clients (VAPT domain) both offshore and onshore.
• Perform infrastructure penetration testing and vulnerability assessments.
• Perform web/mobile/API penetration testing.
• Perform threat modelling, security code reviews and architecture reviews.
• Perform security configuration reviews for OS, Databases, Network & Security devices, applications etc.
• Perform Active Directory assessments.
• Perform Red Team assessments/Attack Simulations aligned to cyber kill-chain and MITRE ATT&CK.
• Experience with AV evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc.
• Experience with both commercial & open-source tools mapped to the different stages in the cyber kill-chain.
• Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events.
• Analysis of the patches released by the vendors.
• Prepare reports and convey the observations to the top management in layman’s language emphasizing on the business risks.
• Mentor junior resources or managing a group of resources.

Skills and attributes for success

• Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates.
• Good Communication skill and willingness to travel at a short notice.
• Demonstrating and applying strong project management skills, inspiring teamwork and responsibility with engagement team members.
• Hands-on experience with tools/frameworks like Kali, Burp Suite, Nessus, Qualys, Acunetix scanners (DAST and SAST).
• Good knowledge of OWASP and Secure SDLC standards.
• Hands-on experience with programming using Python/Perl/PowerShell/C++.
• Hands-on experience with exploit development and VS code compilation.
• Hands-on experience with C2 frameworks (e.g.PoshC2, Covenant, Metasploit etc.).
• Hands-on experience with setting-up phishing and red teaming infrastructure.
• Good knowledge of encryption technologies & MiTM attacks.
• Good understanding of MITRE ATT&CK framework and how to leverage it.
• Good understanding of AD administration, different authentication mechanisms, trust boundaries etc.
• Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model.

To qualify for the role, you must have

• A bachelor's or master's degree.
• 5+ years of experience working as an Information security professional with cyber security assessment background in a professional services firm.
• Excellent communication skills with consulting experience preferred.
• A valid passport for travel.

Ideally, you’ll also have

• Experience with performing assessment related to Red Teaming, Network Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Secure Code review, AD Security Assessments, Vulnerability Management , Social Engineering Assessments, Wireless Penetration Testing.
• OSCE, OSCP, GPEN, LPT, ECSA, CEH, CompTIA Security+ (at least two certifications are desired).

What we offer

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.