
Careers

Senior Security Consultant
 
Position Description:
 
Stratum Security is looking for senior-level penetration testers. The initial project is dedicated to a financial services organization (no travel) to help the customer build an internal assessment program. The work will involve ongoing assessments of the network and large application inventory.
We are a very technically driven organization: our core consulting team is all senior-level consultants with 10+ years of experience. Several have spoken at Black Hat, Defcon, Shmoocon, and OWASP. One wrote a book about Securing the Smart Grid. It's a great environment for security geeks.
Location: McLean/Tysons Corner area
 
Start Date: July 2011
 
Skills:

  • Application Security Testing - Experience running web application security scanners (e.g. WebInspect, AppScan, Cenzic, Netsparker, etc.) as well as intimate knowledge of client-side proxies (e.g. Paros, Burp, etc.), knowledge of input validation, session management, authorization flaws, web application frameworks, and complex enterprise applications.
  • Network Vulnerability Assessment and Penetration Testing - Experience running network vulnerability scanners (e.g. Nessus, Nexpose, etc.) as well as Nmap, Metasploit, Python, shell scripting, Perl, etc.
  • (not mandatory) - Source Code Review/SDLC - Development skills, developing .NET, Java, C#, C/C++ and other enterprise code. Experience running Ounce and/or Fortify a plus. Understanding of enterprise software development, 3rd party products, and software security issues.

Qualifications:

  • 3-5 years of information security consulting experience
  • Strong understanding of information technology security and concepts
  • Strong oral and written communication skills 
  • Ability to pass standard background check and drug test 

 
About Stratum Security
Stratum Security is an information security professional services firm located in the Washington DC Metro area. Founded in 2005, Stratum Security provides services to clients worldwide. Stratum’s core capabilities include network security vulnerability assessment and penetration testing, application and database security audits, security architecture, compliance (PCI, HIPAA, ISO, FISMA), and threat simulation. Our successful engagements range from large multinational enterprises to small start-ups in a wide array of industries including finance, insurance, retail, hospitality, education, health care, government, technology, non-profit, energy, and telecommunications. Stratum Security is a privately held small business.
 
Stratum Security’s sole focus is information assurance with an emphasis on identifying critical risk and building effective solutions. Our people have researched and identified various vulnerabilities and regularly speak at information security industry conferences.
Stratum leverages our deep assessment experience to provide innovative solutions that meet evolving threats. Our experts continuously identify new attack and threat vectors through our work with various organizations in the financial and technology sectors. We use that information to keep our penetration testing activities aligned with those threats, so that our assessments of organizations best represent current threats. Recent areas of focus include spear-phishing, data exfiltration, mobile applications, and web-based applications.