Senior Technical Cyber Security Consultant

Job Description
WithSecure delivers research-led cyber security to defend organizations, society and people from real-world attacks and build resilience into their approach. Our people are a mix of technical and creative experts – diverse, talented, and passionate people – working tirelessly to help us advance the industry with new ways of thinking. They lead their own development, in and out of the office. They call the shots when it comes to building a place to call home in our organization.

Our mission is to assist our clients in being more resilient tomorrow than what they are today. In order to achieve that mission, we need people that love breaking (into) stuff or investigate what happened during a cyber incident. In our Consulting unit you will be doing that and not only, as a Senior Technical Cyber Security Consultant. You will use your knowledge and experience in partnering with our clients to continuously enhance their cyber resilience.

We are currently looking for experienced people to join our offensive team in Copenhagen, as technical Senior Cyber Security Consultants.

Key Responsibilities

• Your primary responsibility will be to conduct professional security assessments for our clients across all our verticals (finance, gambling, critical infrastructure, world-leading brands), as well as consulting and advisory services, resulting in world-class assessment reports and presentations.
• The bulk of your work will consist of a mix of security assessments, web applications, mobile applications, infrastructure, and server deployments. Based on interest and skillset, code review, cloud assessments (across multiple providers), SOC assessments, purple team exercises, red team engagements and hardware hacking is also on the table.
• Support and mentor junior colleagues, lead projects, and generally contribute to the success of the team as a whole.

What We Are Looking For

• An experienced and creative security professional who is not limited to following checklists or pre-defined test cases. Our clients' solutions and requirements are continuously evolving, and your approach to testing needs to do the same.
• Hands-on experience with discovering and exploiting vulnerabilities.
• Experience beyond security products, IT procurement, and installing or deploying security software or appliances. We BREAK processes, products, and software. We are technology agnostic, and we work with what makes sense for the given task.
• Capability of going beyond the OWASP Top 10 and scanning for low-hanging fruits. Ability to identify exotic, obscure, and sometimes down-right bizarre configurations and deviations from best practices.

Here is What We Do

• Security assessments, pentesting, hacking, cracking, reverse engineering, etc. The point is that we attempt to break the security models, products, applications, code and features employed by our clients to help improve the overall security posture of their business, before the threat actor does.
• Automated and manual vulnerability discovery, enumeration, identification, and exploitation. We expect you to have experience with all of these, and know when to do one and not the other.
• Web application, mobile application, web services and API security assessments. We do these based both on automated and manual source code review, runtime testing and high-level architecture reviews, utilizing our many years of experience with offensive tooling and understanding of application vulnerabilities.
• Business impact analysis, contextualizing vulnerabilities and articulating risk. Because a cool hack, technical writeup, or concise CVSS score, means very little to actual businesses, unless you can explain exactly how a vulnerability or weakness could end up hurting the client.
• Executive writing, high-level summaries of complex technical content for non-technical senior managers, as well as detailed technical writeups, steps to reproduce, and actionable recommendations aimed at developers, system administrators and solution owners.

Requirements

• A clean criminal record. You must be able to obtain a security clearance, and stand up to a standard background check.
• A core understanding of computing and information systems, network technology, trusted computing principles, secure development practices and modern applications across multiple platforms.
• Excellent English skills, both orally and in writing (any other languages are simply a bonus).
• Consulting experience within the cyber security field.
• Self-motivated, a problem-solver and have a life-long learning mindset that drives you to continuously learn and apply that knowledge in your partnership with clients.
• Structured in your approach and have the ability to support your peers in a structured and reproducible manner, to help uplift the efforts of everyone around you.
• Great communication skills and the ability to present technical jargon in an understandable way.
• Not fazed by stressful situations, and able to keep your head cool when our clients might be stressed and lose their cool.

Bonus Points

• Information security certifications such as OSCP, OSCE, GPEN, GWAP, CEH, CRTP, CISSP or similar. Technical certifications relating to security testing are not a requirement, but for sure a bonus. If you don't have any, don't worry, we value experience and skillset way above pieces of paper.
• A degree in Computer Science or equivalent experience or training.
• You run your own lab environment, experiment with existing tools, develop your own tool, contribute to FOSS projects, participate in industry and community events such as conferences, hackerspaces or CTFs.

What Will You Get From Us

• Expected salary in the range of 40k-60k DKK, depending on qualifications and experience.

Benefits Include

• Extensive health insurance.
• Company supported sport activities and other wellbeing support.
• Paid phone and home Internet.
• Paid parental leave.
• A great lunch arrangement, that serves tasty and varied food catering to most diets.
• A bright and spacious office, with excellent chairs, monitors, and peripherals.
• An opportunity to work with some of the best technical security people in Europe with a wide variety of passions and skills.
• A chance to do what you are passionate about and get paid for it.
• An opportunity to work with some of the most demanding and interesting clients in the world.

About the Company
Purpose – Why We Exist
We are here to build and sustain trust in a digital society — trust that is threatened by uncertainty, fear and worry caused by cyber attacks and crime.

Vision – Where We Are Heading
No one should experience a serious loss because of a cyber attack. We envision a future where no one should experience a serious loss or be put out of business because of cyber attack or crime. At least no one who puts their trust in us.

Mission – What We Do
Accelerate transition to outcome-based security. Our mission is to research, innovate and build technologies, human expertise and delivery-business models that will accelerate our customers’ and partners’ transition to outcome-based security.

Diversity & Inclusion:
WithSecure is an equal opportunity employer and believes that employing a diverse workforce is central to our success. We are committed to ensuring all qualified applicants will receive consideration for employment without regard to nationality, colour, race, ethnic or national origin, sex, gender (including gender reassignment), sexual orientation, religion or belief, age, marital status or physical or mental disability.

We will do everything we can to support you during your application. If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you