Senior Consultant: Security

About us



NTT Ltd help our clients grow their business and improve their competitive market position by delivering fully integrated services, including Global Networks, Cybersecurity, Managed IT and Applications Services, Datacenter and Cloud Services all combined with Business Consulting and deep industry expertise. We have a long heritage of innovation and social responsibility. As a top five Global Technology and Business Services provider we employ a global, inclusive and diverse workforce in 88 countries. We work with more than 85% of the Fortune Global 100 companies and many thousands of other clients and communities to help them achieve their goals and we always advocate for a sustainable future.

Successful candidates may be subject to background and security checking.


Job Summery


The Penetration Testing Consultant serves as a technical expert and possesses practical experience as a skilled penetration tester.

This position requires the consultant to work both independently and as part of a team to perform Threat Validation and Assurance services that include: Vulnerability Assessments, Penetration Tests, Wireless Security Assessments, Red Team Exercises and Social Engineering.

A Penetration Testing Consultant is viewed as an essential member of the security consulting team, providing technical expertise and contributing to the development of the Security Consulting practice. This job is project-based and often involves working at customer sites. Performance is typically measured by the quality of work, utilization (i.e., billable hours) and/or delivery of agreed assessments within budgeted hours.



Key Roles and Responsibilities:


Scope and deliver internal and external infrastructure and network penetration tests.
Scope and deliver application, web application, web services (API), mobile application penetration tests.
Scope and deliver wireless penetration tests.
Maintain good working relationships with clients to manage their expectations of service including delivery, timing, and value to be delivered
Actively participate in methodology development of threat validation and assurance services
Provide technical pre-sales support, alongside sales, to develop scopes of work and project requirements. This will include writing customer facing proposals and attending meetings with new and existing customers
Participate in community of practice and research and development activities.



Knowledge, Skills and Attributes:


Knowledge of security testing and assessment methodologies and frameworks such as OWASP, Mitre ATT&CK® Framework, OSSTMM, NIST and PTES industry best practices and generally accepted information security principles.
Demonstrated experience in using security assessment tools and techniques that include, but are not limited to; Burp Suite, Kali Linux, Nessus, Nikto, Metasploit, NMAP etc.
Ability to combine multiple separate findings to identify complex blended vulnerabilities that would not be exploitable as a result of a single weakness is required.
Ability to identify, describe and report vulnerabilities and standard remediation activities, to include clear demonstration of risk to clients through post-exploitation activities is required.
Excellent verbal and written communication and report writing skills.
Ability to formulate and communicate technical and complex security vulnerabilities findings to both technical and non-technical audiences in a clear and effective manner
Consulting experience with large, fast-paced projects.
Ability to work well independently as well as part of a team on complex engagements
Knowledge of security architecture methodologies, industry best practices and generally accepted information security principles.
Knowledge and experience in OT and ICS penetration testing advantageous.
Knowledge and experience in IoT and Smart Device / sensors penetration testing advantageous.
Familiarity with many different network architectures, network services, system types, network devices, development platforms and software suites required (e.g. Linux, Windows, Cisco, Oracle, Active Directory, JBoss, .NET, etc.) required.
Demonstrated ability to create comprehensive assessment reports required.
Proficient in International English – speaking and writing



Academic Qualifications and Certifications:


Degree in Information Technology or Information Security or equivalent work experience
OSCP or CREST certified practitioner highly advantageous,
CEH or Security + Certification advantageous



Required Experience:


Minimum of 1 year penetration testing and technical security assessments consulting experience.

Read Less