This is not a typical blog from us where we discuss security issues and solutions, but rather a post letting you know about two exciting positions now available on our team. If you are interested in applying, please contact us at SystemExperts.

Information Security Compliance Consultant

We are looking for an IT security/compliance consultant to assist in the performance of a wide variety of IT security compliance engagements, including but not limited to those using ISO 27001/2, HIPAA, and the Payment Card Industry Data Security Standard. Key skills include the ability to:

Understand enterprise environments, ranging from Small-Medium Businesses (SMB) to large complex environments

  • Analyze administrative, physical, and technical security controls, based on risk
  • Speak English at an advanced level
  • Develop size-appropriate recommendations for identified security gaps, based on industry best practices
  • Produce well written and highly detailed reports
  • Write comprehensive information security documentation (i.e., policies, standards, guidelines, procedures)
  • Perform other security-related engagements, including security architecture reviews, network/web application vulnerability testing, and other ad hoc security consulting services

The ideal candidate will have at least 3 years of security experience, a relevant college degree, a pertinent professional credentials (i.e., CISSP), be comfortable writing documents and capturing the details of interactive technical discussions with security professionals in Fortune 500 companies. The ideal candidate will be self-motivated and:

  • Comfortable with up to 40% travel
  • Capable of working independently from a home office

Application Security Penetration Tester

We are looking for an application security penetration tester to perform application vulnerability testing and security source code reviews. Key skills include knowledge of (and ideally penetration testing experience with) JavaScript, Java, JSP, Objective C, Oracle, MS SQL Server, and Web Services including RESTful services, as well as familiarity with Windows, OS/X and Linux environments.  Proficiency in mobile testing is a strong plus, in both the iOS and Android environments, including use of the appropriate developer tools. The applicant must also be knowledgeable of network oriented issues in TCP/IP environments as well as database concepts. Familiarity with common testing tools such as Burp and Wireshark is a requirement; knowledge of other tools such as those made by HP WebInspect and IBM Rational is a plus.

We require that the candidate have 1 to 3 years of security experience, a relevant college degree, and be comfortable writing documents and having interactive technical discussions with security professionals in Fortune 500 companies. The ideal candidate will be self-motivated, capable of working productively and independently at a client site or home office, and be located near Philadelphia.