Trofi Security is a nationally recognized firm of cyber security thought leaders and technical advisors at the leading edge of IT security consulting.
This is an entrepreneurial culture built on innovation and service excellence.
Trofi Security is at the center of a fast-growing job sector in IT, and we thrive in this environment. We're self-starters who think like entrepreneurs, and we make it our business to be steps ahead of each of our clients' needs.
Senior Security Engineer
Trofi Security is looking for an expert Security Engineer to join our consulting team to ensure that our client’s applications and infrastructure are designed and implemented to the highest standards thus maintaining and enhancing customer trust. If you enjoy analyzing system services, operating systems, networks and applications from a security perspective, and you are skilled at discovering security issues that appear under new threat scenarios, this position will provide you with a challenging opportunity. You will participate in security audits, risk analysis, vulnerability testing and security reviews on many elements of our client’s systems. First assignment is for 3-6 months full time in Overland Park, Kansas. Contract can be 1099 or W2.
Key tasks include:
•Identify security issues and risks, and develop mitigation plans
•Architect, design, implement, support, and evaluate security-focused tools and services including project leadership roles
•Develop and interpret security policies and procedures
•Mentor junior members of the team
•Participate in security compliance efforts (e.g., PCI DSS, SOX)
•Develop and deliver training materials and perform general security awareness and specific security technology training
•Acquisition and vendor risk assessment due diligence
•Evaluate and recommend new and emerging security products and technologies
•Participate in tier 2 and tier 3 security operations support
•Participate in incident handling
•Evangelize security within Company and be an advocate for customer trust
Basic Qualifications:
•BS/MS in Computer Science or equivalent desired
•Emerging company-wide reputation in the field of information security
•Consistent implementation of security solutions at the business unit level
•At least 3 years experience in infrastructure or application-level vulnerability testing and auditing
•At least 3 years of system, network and/or application security experience
•Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
•Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
Preferred Qualifications:
•Experience with service-oriented architecture and web services security desired
•Experience with the application of threat modeling or other risk identification techniques
•Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
•Scripting skills (e.g., Perl, shell scripting)
•Excellent written and verbal communication skills
•Excellent leadership skills and teamwork skills
•Results oriented, high energy, self-motivated
Senior IT Security Specialist
Role: You provide expertise to client organizations in the areas of Information Security Strategy and Regulatory Compliance and conduct information security assessments and provide guidance on industry best practices for implementing formal information security governance programs.
Required Skills:
•Experience in an IT security audit and compliance role, with working knowledge of PCI, GLBA, FISMA, ISO 27000, HIPAA, and NIST.
•Strong IT background/understanding with respect to networks, servers, workstations and applications
•Excellent written, oral communication, and presentation skills
•Self-motivated and able to work both independently and with a team.
•Willing to travel up to 50% of the time
Preferred Skills:
•Risk assessment execution and reporting
•Ability to comfortably interact with senior management in a consultative manner
•Gap analysis execution and reporting
•Virtualization and Cloud technology
Education/Certifications/Experience:
•Minimum of 5 years in Information Technology or Security
•Minimum of 5 years in an IT security audit and/or compliance role
•Minimum of 1 information security certification such as CISSP, CISA or CISM. QSA a plus.
Penetration Tester
Role: You think out of the box and enjoy the challenge of compromising systems. Black box, grey box, or white box doesn't matter. You'll get in regardless.
Required Skills:
•5+ years of experience in information security with application/network penetration testing experience
•Deep understanding of web frameworks, including XML, SOAP, JSON and Ajax
•Experience with scripting languages such as bash, Perl, Python, Ruby, VB/WScript or PowerShell
•Experience exploiting web applications and services
•Working knowledge of firewalls and other network security products
•Experience with .NET web application frameworks and languages
•Understanding of C, C#, Objective-C and Java.
•Familiarity with web proxy tools
•Familiarity with penetration testing tools such as Kali Linux, NeXpose, Nessus, nmap, Metasploit, vulnerability scanners, tcpdump, Wireshark, etc.
•Excellent written and oral communication skills
•Self-motivated and able to work both independently and with a team.
•Willing to travel up to 50% of the time.
Highly Desirable Skills/Qualifications:
•Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
•Specific experience using Rapid7 Nexpose and Metasploit, and commercial web application testing tools such as Burp Suite Pro
•Experience leading or participating on Red Team engagements.
•Knowledge of applied cryptographic protocols.
•CEH, CPT, CISSP, OSCP/E, GWAPT, GPEN, GXPN certification
•Experience with debuggers and disassemblers
•Experience in exploit development
•Experience in hardware hacking or embedded systems hacking
•Advanced degree in an IT related field is a plus.