Senior Security Consultant - Organization Security (Fully Remote, Worldwide)

About Census

CENSUS is an internationally acclaimed Cybersecurity services provider. We support the needs of multiple industries, providing IT and OT security services to public and private organizations around the world, ranging from financial institutions and critical infrastructure to automotive and secure communications, including Fortune 500 companies. Powered by cutting-edge research, scientific analysis and in-depth engineering experience across various industries & technologies, CENSUS delivers unparalleled security consulting & assessment services for products (software, services, devices, and large-scale platforms), infrastructure, and organizations.

About the Job / Key Responsibilities

CENSUS’ bespoke cybersecurity services are built upon a talented pool of Security Engineers, whose role extends beyond mere adherence to industry best practices. Under the management and mentorship of our Senior and Principal technical managers, our Security Engineers are entrusted with assessing the completeness and maturity of an extensive range of cybersecurity products and features. Along with capturing defects and inefficiencies, in-depth mitigation strategies are explored, presented, and re-evaluated post their integration, in a highly agile and adaptive service delivery model.

We are looking for talented & ambitious professionals to grow our Security Engineering team and join our ongoing mission to deliver in-depth and top-tier cybersecurity services to our valued clients. As part of this role, you will use your knowledge and experience - in the Penetration Testing and Application Security domains – to execute security assessments and mitigation consulting activities scoped across organizations and products of various industries. As part of your daily tasks, you will:

• Conduct penetration tests (network, social, physical, adjacent, and more) that target Organizations, Networks, Application and Cloud infrastructure and evaluate their security defenses in-depth.
• Assess the security posture of applications (mobile, web / cloud, core networks, etc.) via functional testing, fuzz testing and other applicable methodologies.
• Review the security maturity of edge systems (IoT, kiosk terminals, operator terminals, etc.) that are interconnected via public or private networks.
• Conduct targeted research for the purposes of understanding a vendor specific technology, identify its security critical components, and prioritize impactful attack vectors.
• Document and present security risks & mitigation recommendations in both technical- and business-oriented language.

Minimum Qualifications

• BSc or MSc. in Electrical Engineering, Computer Science, Computer Engineering, or equivalent practical experience.
• 4+ years of experience in VAPT, IT security or application security (mobile, web front-end, backend, etc.) related roles. Experience can be an assessment / consultancy role, an equivalent role in other engineering organizations, or a combination of them.
• Proven experience in vulnerability assessment, penetration testing or security testing at the network, application, or system level.
• Active Directory and Cloud Infrastructure Knowledge

Key Skills

• Experience with Information Security fundamentals (risk management, security best practices, data protection, communication encryption, authentication, authorization, etc.) and cyber threats of modern systems & networks.
• Experience with the technologies and security controls present in application (web full-stack, WAF, EDR, data encryption, transport protection, etc.), network (firewalls, segmentation, IDS/IPS, VPN, etc.) and Windows / Linux system (privileges, roles/groups, AV/Endpoints, secret storage, etc.) architectures.
• Experience in identifying, exploiting, and reporting vulnerabilities in the context of Red Team / VAPT tasks (OWASP Web / Mobile Top10 vulnerabilities, access control, insecure configurations, secrets management, etc.).
• Experience in Active Directory Attacks (Pass-the-Hash, Pass-the-Ticket, Kerberoasting, Golden Ticket, Silver Ticket, DCSync, Credential dumping, Abuse of ACLs, Lateral movement via SMB, etc)
• Experience in using pentest and other security related tools for information gathering, vulnerability discovery, exploitation, evasion, persistence, and pivoting in Cloud environments.
• Experience with authentication, authorization, role-based ACL, identity, and access management methods, such as OAuth, MFA, SSO, JWT, PKI, Cloud IAM, etc.
• Experience with basic cryptographic primitives, such as symmetric & asymmetric encryption, authenticated encryption, key derivation, and key exchange.
• Ability to monitor the current threat landscape, emerging threads and follow their technical analysis and published exploitation techniques.
• Problem solving skills, analytical thinking, and willingness to learn/grow.
• Proficient in English and excellent communication skills.