WithSecure delivers research-led cyber security to defend organizations, society and people from real-world attacks and build resilience into their approach.
Our people are a mix of technical and creative experts – diverse, talented, and passionate people – working tirelessly to help us advance the industry with new ways of thinking.
They lead their own development, in and out of the office. They call the shots when it comes to building a place to call home in our organization.
Our mission is to help our clients be more resilient tomorrow than they are today. To achieve that mission, we need people who love breaking (into) stuff or investigating what happened during a cyber incident. In our Consulting unit you will be doing that and more, as a Senior Technical Cyber Security Consultant. You will use your knowledge and experience in partnering with our clients to continuously enhance their cyber resilience.
We are currently looking for experienced people to join our offensive team in Copenhagen, as technical Senior Cyber Security Consultants.
Key responsibilities
- Your primary responsibility will be to conduct professional security assessments for our clients across all our verticals (finance, gambling, critical infrastructure, world-leading brands), as well as consulting and advisory services, resulting in world-class assessment reports and presentations
- The bulk of your work will consist of a mix of security assessments covering web applications, mobile applications, infrastructure, and server deployments. Based on interest and skillset, code review, cloud assessments (across multiple providers), SOC assessments, purple team exercises, red team engagements and hardware hacking are also on the table
- Support and mentor junior colleagues, lead projects, and generally contribute to the success of the team as a whole
What are we looking for
- An experienced and creative security professional who is not limited to following checklists or pre-defined test cases. Our clients' solutions and requirements are continuously evolving, and your approach to testing needs to do the same
- We are looking for someone with hands-on experience with discovering and exploiting vulnerabilities
- Someone with experience beyond security products, IT procurement, and installing or deploying security software or appliances. We BREAK processes, products, and software. We are technology agnostic, and we work with what makes sense for the given task
- We are looking for a candidate capable of going beyond the OWASP Top 10 and scanning for low-hanging fruit. We expect you to be able to identify exotic, obscure, and sometimes downright bizarre configurations and deviations from best practices
Here Is What We Do
- Security assessments, pentesting, hacking, cracking, reverse engineering, etc. It has many names, but the point is that we attempt to break the security models, products, applications, code and features employed by our clients to help improve the overall security posture of their business, before the threat actor does
- Automated and manual vulnerability discovery, enumeration, identification, and exploitation. We expect you to have experience with all of these, and know when to do one and not the other
- Web application, mobile application, web services and API security assessments. We do these based both on automated and manual source code review, runtime testing and high-level architecture reviews, utilizing our many years of experience with offensive tooling and understanding of application vulnerabilities
- Business impact analysis, contextualizing vulnerabilities and articulating risk. A cool hack, technical writeup, or concise CVSS score means very little to actual businesses unless you can explain exactly how a vulnerability or weakness could end up hurting the client
- Executive writing, high-level summaries of complex technical content for non-technical senior managers, as well as nitty-gritty detailed technical writeups, steps to reproduce, and actionable recommendations aimed at developers, system administrators and solution owners
Requirements
- A clean criminal record. You must be able to obtain a security clearance, and stand up to a standard background check
- You have a core understanding of computing and information systems, network technology, trusted computing principles, secure development practices and modern applications across multiple platforms
- Excellent English skills, both orally and in writing (any other languages are simply a bonus)
- Consulting experience within the cyber security field
- You are self-motivated, a problem-solver and have a life-long learning mindset that drives you to continuously learn and apply that knowledge in your partnership with clients
- You are structured in your approach and have the ability to support your peers in a structured and reproducible manner, to help uplift the efforts of everyone around you
- Great communication skills and the ability to present technical jargon in an understandable way
- You are not fazed by stressful situations, and are able to keep your head cool when our clients might be stressed and lose their cool
Bonus points
- Information security certifications such as OSCP, OSCE, GPEN, GWAP, CEH, CRTP, CISSP or similar. Technical certifications relating to security testing are not a requirement, but for sure a bonus. If you don't have any, don't worry, we value experience and skillset way above pieces of paper
- A degree in Computer Science or equivalent experience or training
- You run your own lab environment, experiment with existing tools, develop your own tools, contribute to FOSS projects, participate in industry and community events such as conferences, hackerspaces or CTFs
What will you get from us
- Expected salary in the range of 40k-60k DKK, depending on qualifications and experience
Benefits including
- Extensive health insurance
- Company-supported sport activities and other wellbeing support
- Paid phone and home Internet
- Paid parental leave
- A great lunch arrangement that serves tasty and varied food catering to most diets
- A bright and spacious office, with excellent chairs, monitors, and peripherals
- An opportunity to work with some of the best technical security people in Europe with a wide variety of passions and skills
- A chance to do what you are passionate about and get paid for it
- An opportunity to work with some of the most demanding and interesting clients in the world