We are looking for experienced security pentesters, engineers, and researchers to join our security consulting practice. Job duties will include penetration testing, code review, security analysis and cutting-edge research into current technologies and attacks.
Principal Security Consultants (“PSCs”) are expected to act as Technical Leaders both within and outside of the company. Within the company, PSCs should contribute to NCC tools and research. Externally, their work should be made available via presentations at top-tier security conferences and through whitepapers and other technical publications.
Customers should specifically come to NCC Group for the skills our Principal Consultants. A Principal Security Consultant will be a key contributor to project delivery at NCC. PSCs will focus primarily on projects that are technically complex, require senior resources because of unique scoping, or that are ideally suited for mentoring junior employees.
Beyond client delivery and support, PSCs are relied upon to make a difference within NCC and in our industry and are given weeks of dedicated self-directed research and management time for a PSC Project.
We are a consultancy and so, when necessary, our work is sometimes performed on client sites. That being said, we are always working with clients to deliver remote work whenever possible. We also proactively monitor travel so that no one spends too much time on the road. By and large, we are a company run by security consultants, and we have no interest in burning ourselves out.
NCC Group has a casual culture, with people from diverse backgrounds who eat, drink and breathe security. We’re a social group and our various offices organize outings and events that are quite popular. We also host an annual conference for our consultants (usually somewhere warm during the cold winter months), where you can catch up with your peers and see the cool research that your friends have been working on.
Research is at the foundation of NCC Group and the work that we do. We speak at top-tier security conferences all over the world. All of our consultants receive time and resources to support their research endeavours. Research is rewarded with substantial bonuses for speaking at conferences, writing whitepapers, and creating tools.
Activities and Responsibilities:
In general, as a PSC you will have the following responsibilities:
• Lead complex multi-week or multi-month client engagements
• Participate in scoping efforts when proposing work for highly specialized projects
• Mentor other consultants in your areas of expertise
• Perform final review on deliverables such as reports and whitepapers
• Advance the state of security in your areas of expertise
• Significant and meaningful contributions in the areas of research, account management, or other organizational capabilities
• Deliver consultancy to the highest level in the practice
Required Experience / Skills:
The following qualifications and experience are important for being successful in this role.
- Bachelor’s program in Computer Science, Engineering, Cybersecurity, or equivalent.
- Minimum of 3 years of experience working in security.
- Minimum of 5 years of experience in management and delivering technical results or solutions.
Furthermore, we expect that the candidate will possess a mastery of 6+ technical security domains:
- Significant experience in 4+ programming languages, with extensive knowledge of how vulnerabilities can manifest in code.
- Web application security assessment
- Network security assessment
- Binary reverse engineering
- Network protocol reverse engineering
- Cryptographic analysis
- Low-Level application security assessment (firmware, kernel)
- Exploit research and development
- Enterprise technologies e.g. Virtualization (VMWare or OpenStack), WSUS, etc.
- Forensics and Incident Response
- Secure boot-chain or hardware security review
- Mobile application assessment (Android, iOS)
- Threat modeling and attack surface enumeration
- Physical security assessment
- Excellent spoken and written communication skills, because being able to explain a vulnerability is just as important as being able to find it!
- High-level of professionalism
- Outstanding attention to detail
- Ability to lead teams and multi-faceted projects effectively
- Self-motivated and a demonstrated self-starter
- Highly dependable
- Excellent management skills
- Willingness to travel