Consulting - Risk Advisory - Security & Privacy Penetration Tester

Apply Now >>    

This position could be located in either Houston or Kansas City.


To provide the highest level of client service, RSM US LLP has established the Technology Risk Advisory Services group, which is dedicated exclusively to serving the technology risk-related needs of our clients. This group includes experienced consultants located throughout the country to help clients select, improve, control, secure, manage and monitor systems to address their information needs and protect confidential data. By centralizing the highly skilled and specialized technology consulting personnel, we are able to provide our clients with the most knowledgeable resources available. We serve a diverse base of clients in a variety of industries, and understanding how technology impacts the operation and growth of organizations is what we do best.

This position will work independently and as part of a team to perform security assessments, including internal vulnerability assessments, internal penetration testing, wireless security assessments, social engineering, ISO27000 assessments, Payment Card Industry (PCI) assessments, Federal Information Security Management Act (FISMA) assessments and Health Insurance Portability and Accountability Act (HIPAA) assessments.




  • Perform application and network penetration tests for our global clients
  • Use commercial scanning tools such as BurpSuite, Nessus, and other commercial products to analyze systems for vulnerabilities, and provide risk reduction recommendations
  • Performing manual verification of vulnerabilities to reduce false positives
  • Understanding of common regulatory or standards-based control frameworks such as PCI-DSS, ISO 27001/2, NIST 800-53, etc.
  • Creating comprehensive security assessment reports
  • Interfacing with clients to gather information and investigate security controls
  • Maintaining industry credentials/certifications
  • Supporting ongoing development of security assessment service offerings



  • Basic experience in web application architecture analysis to identify logical flaws and security weaknesses
  • Basic understanding of encryption methods and how they are applied in an application environment
  • Working knowledge of application security tools such as proxies, fuzzers, scanners, debuggers, simulators, etc.
  • Familiarity with common web platforms i.e. Tomcat, .Net, AJAX, HTML5 etc.
  • Familiarity with backend databases like MS SQL, Oracle, MySQL, etc.
  • Experience in scripting languages like Python, Perl, Javascript, regular expressions, Shell and PowerShell scripting, etc.
  • Understanding of common web content management systems like Joomla, DotNetNuke etc.
  • Experience with various security like Metaspolit, Nmap, Qualys, mimikatz, Nessus, NeXpose, Kali Linux, BurpSuite, OWASP ZAP, WireShark, Tcpdump, etc. to analyze systems for vulnerabilities, and provide risk reduction recommendations.
  • Working knowledge of Windows & Linux, TCP/IP, and Web services
  • Perform manual verification of vulnerabilities to reduce false positives
  • Understand common regulatory or standards-based control frameworks such as PCI-DSS, ISO 27001/2, NIST 800-53, etc.
  • Able to create a comprehensive security assessment reports
  • Interface with clients to gather information and investigate security weakness and controls

 Basic Qualifications:


  • Bachelor's degree in Computer Science, Computer Engineering, Cyber-Security, Information Security or a related field or equivalent experience
  • Minimum 4 years of experience conducting application and network penetration testing
  • Ability to travel as needed (up to 35%)

Preferred Qualifications:


  • GIAC GPEN, Offensive Security Certified Professional (OSCP), CISA,  CISSP or Offensive Security Certified Expert (OSCE) preferred
  • Implementation of vulnerability management programs is a plus
  • Prior consulting or professional services background preferred
  • Knowledgeable regarding Sarbanes-Oxley Act, Payment Card Industry (PCI), and SOC
  • Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices
  • Experience with an accounting or consulting firm preferred
  • Strong verbal and written abilities
  • Strong multitasking and project management skills

You want your next step to be the right one. You've worked hard to get where you are today. And now you're ready to use your unique skills, talents and personality to achieve great things. RSM is a place where you are valued as an individual, mentored as a future leader, and recognized for your accomplishments and potential. Working directly with clients, key decision makers and business owners across various industries and geographies, you'll move quickly along the learning curve and our clients will benefit from your fresh perspective.

Experience RSM US. Experience the power of being understood.

RSM is an equal opportunity/affirmative action employer. Minorities/Females/Disabled/Veterans.
Job ID RSM517
Line of Business: Consulting Services
SubFunction: RAS Security, Privacy & Risk
Job Type: Full Time
Req #: RSM517
Location: 1330 Post Oak Blvd, Floors 23 and 24, Houston, TX US
Region: Central Region
Job Category: Business Consulting/Technology
Employment Type: Experienced
Degree Required: Bachelor
Travel: Yes
Apply Now >>