Infrastructure Penetration Tester - secret clearance level (Belgian or equivalent )

LANGUAGES

Dutch,French,English

HOMEWORK

Not possible

DESCRIPTION

- Infrastructure penetration test

The goal that should be attained is to identify vulnerabilities in new and existing technical infrastructures and/or systems.

The penetration test can consist of different scenarios, such as:

o Source: both internal and external (from Internet) penetration testing

o Approach: white-box (all available information), grey-box (some inside information) and black-box approach (no information)

o Methodology: cautious (discovery, enumeration, vulnerability mapping) to aggressive (exploitation of vulnerabilities, denial of service),

o Technique: network based. Host-based testing and social engineering by default do not make part of this type of testing.

o Scope:

Servers residing in both internal networks and DMZ networks running a diversity of operating systems such as but not limited to: Windows, Unix and Linux.

Cloud services and hybrid systems.

Proprietary systems and technologies, such as but not limited to Industrial Control Systems (ICS),

Behaviour and configuration of network and security appliances, such as but not limited to: Firewalls, Routers, intrusion detection systems

Network and applicative services running on network attached systems, such as but not limited to DNS, FTP, SSH, Telnet, NTP, SNMP, HTTP, LDAP, JDBC, ADDS, NFS, SMTP

- Host based audit (and compliancy check)

Assessment of the security posture of individual hosts

o Patch-level status

o Enumeration of network services

o Gathering of security relevant settings (account privileges, user authentication settings, audit & logging policies)

o Validation of hardening guidelines

o Finding exploits

- Social engineering testing

The goal that should be attained is identifying vulnerabilities, affecting confidentiality and/or integrity, associated with employee's ability to follow procedures and security best practices using following techniques such as, but not limited to: direct personal contact; contact by phone (both internal and external); cusing e-mail (both internal and external) with phishing URL; USB-drop

The candidate must not necessarily cover all different aspects (see evaluation sheet) but should clearly indicate the major high-skill areas.

TECHNICAL KNOWLEDGE

[ ] Important technical knowledge:

- Network technologies (Ethernet, Wi-Fi, fibre channel, Bluetooth) and detailed knowledge of protocols.

- Authentication technologies (both user and machine) and mechanisms.

- Encryption techniques.

- Operating systems (Windows, Linux, Solaris).

- Cloud services (eg, Microsoft stack)

- Cloud architecture and principles, including interconnectivity/interoperability between systems, services and applications

- Cloud, on premise and hybrid topologies

- µ-services

- Enterprise service bus architecture (incl. API-gateway)

- Proprietary systems and protocols, including industrial control systems (ICS), Supervisory control and data acquisition (SCADA),

- Well known attacks and techniques to defeat security controls.

- Scripting (Bash, Python, PowerShell, )

[+] Useful technical knowledge:

- Network design and architecture.

- Multi-layered security (defence in depth) principles

- Programming language(s)

- Database systems (eg, Microsoft SQL, Oracle Database,)

- Middleware (eg, Web Application Servers, Enterprise Service Bus,

Business analytics tooling, ETL,)

EDUCATION AND EXPERIENCE

The consultant proposed must dispose of an extensive professional experience of 10 years or more as an infrastructure penetration tester.

Furthermore, (s)he must dispose of an extensive professional experience of at least 5 years with critical infrastructure.

SPECIAL CONDITIONS

- secret clearance level (Belgian or equivalent2)