Braintrust is hiring a
Security Consultant

Summary

The job description is for a Security Consultant - VAPT position at ProArch, a global IT consulting firm. The role is a freelance, contract position located in Albany, NY, Atlanta, GA, Buffalo, NY, or Rochester, NY. The estimated duration is 40 hours per week for a long term period. The hourly range is $75 - $85 and the job requires at least 5 years of experience in penetration testing and vulnerability assessments.

Requirements

• At least 5 years of experience in penetration testing and vulnerability assessments, with a focus on web applications, networks, and infrastructure
• Must be proficient in python development. Proficiency in other scripting languages such as perl, ruby, etc. is an added advantage
• In-depth knowledge of various penetration testing tools and frameworks (e.g., Kali Linux, Metasploit, Burp Suite, Nmap, Wireshark, etc.)
• Strong understanding of common vulnerabilities and attack vectors (e.g., SQL injection, cross-site scripting, buffer overflows, etc.) and corresponding mitigation techniques
• Familiarity with industry standards and frameworks such as OWASP, OSSTMM, and NIST
• Experience with cloud platforms (e.g., AWS, Azure, Google Cloud) and related security controls
• Excellent analytical and problem-solving skills, with the ability to think creatively and strategically to find vulnerabilities
• Effective communication and presentation skills to convey complex technical concepts to both technical and non-technical stakeholders
• Development knowledge of common programming languages like java, asp .net, PHP, etc. would be an added advantage
• Bachelor’s degree in computer science/Engineering/IT or significant demonstrable experience in IT/OT security
• Must have leading Penetration Testing/Red Team Certifications such as CompTIA PenTest+, GIAC Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Security Certified Professional (OSCP), CREST Registered Penetration Tester (CRT), Certified Red Team Operations Professional (CRTOP), EC-Council’s Certified Penetration Testing Professional (C|PENT) or other Penetration Testing certifications

Responsibilities

• Conduct comprehensive penetration testing and vulnerability assessments on computer systems, networks, and applications
• Identify and exploit security vulnerabilities through manual testing techniques, automated tools, and other means
• Perform in-depth analysis of test results, documenting and communicating findings to technical and non-technical stakeholders
• Develop and execute detailed test plans and methodologies for conducting penetration tests
• Collaborate with cross-functional teams, including developers, system administrators, and network engineers, to implement remediation strategies and mitigate identified vulnerabilities
• Manage project timelines, deadlines, and expectations – including client interaction
• Stay updated on the latest security threats, attack vectors, and penetration testing techniques, and continuously enhance knowledge and skills in the field of information security
• Assist in the development and improvement of security policies, procedures, and guidelines
• Mentor and provide guidance to junior members of the penetration testing team
• Participate in red teaming exercises and simulate real-world attack scenarios to assess the overall security posture of the organization
• Maintain accurate and detailed documentation of testing activities, findings, and recommendations
• Prepare reports documenting identified issues based on internal templates
• Interact with clients to deliver results, provide feedback, and remediation recommendations on findings
• Research emerging security topics and new attack vectors
• Perform and review the hardening of the systems and network devices