Security Jobs in Dublin

syklops · 16-01-2014 1:34pm #1

The mods have kindly allowed me to put up a thread with some Security related jobs which are vacant in the company I work for.

To begin with, let me state that I am receiving no monetary reward for any successful boardsies who are successful with their application. I'm not a recruiter, Im a security consultant.

Integrity Solutions, based in Dublin are currently hiring Penetration Testers, Information Security Analysts and Security Infrastructure Engineers.

If any one is interested in learning more, send me a PM.

Thanks

timmywex · 18-01-2014 10:34am

On a more general note in relation to the jobs front. Many of the security/pen testing companies in Dublin are hiring or always looking to expand. If there's anyone reading that's thinking of trying to get into the area it's a great place to be - quite technical, fast moving and plenty of opportunity across the industry and all the varying area's that make up the current IT security field!

Similar to Skylops, drop me a PM with any questions you have :-)

syklops · 27-01-2014 12:57pm

timmywex wrote: »

On a more general note in relation to the jobs front. Many of the security/pen testing companies in Dublin are hiring or always looking to expand. If there's anyone reading that's thinking of trying to get into the area it's a great place to be - quite technical, fast moving and plenty of opportunity across the industry and all the varying area's that make up the current IT security field!

Similar to Skylops, drop me a PM with any questions you have :-)

Yes absolutely, we are not the only people recruiting. In fact we are trying to poach from our competitors, just as they are trying to poach from us. IT Security is one of the areas which is booming at the moment, and rarely has a lull. Its a great industry to consider if you are currently studying.

stupid head · 30-01-2014 3:46am

Do ya ever do out Pen Reports like this??

I kid.

Blowfish · 30-01-2014 2:43pm

Not looking to switch immediately, but what sort of level (experience/certs) would you be expected to be at while starting out as a pentester? Would coming at this from several years of a mostly blue, sometimes red team role plus CEH, CCNA and OSCP be likely to put you in a good spot?

syklops · 31-01-2014 11:26am

stupid head wrote: »

Do ya ever do out Pen Reports like this??

I dont know how many times thats been forwarded to me in the last couple of days. My favourite bit is:

“MySQL configured to allow connections from 127.0.0.1. Recommend configuration change to not allow remote connections.”……….

Not looking to switch immediately, but what sort of level (experience/certs) would you be expected to be at while starting out as a pentester? Would coming at this from several years of a mostly blue, sometimes red team role plus CEH, CCNA and OSCP be likely to put you in a good spot?

That would put you in an excellent spot. About 80% of our pen tests are Web App based, so even no certs but previous web dev experience would put you in the running. The CEH, is, imo, a load of bollox, but the other two will hold you in very good standing.

What certs do I need, is a question I have been asked numerous times since I put the ad up. Truth is none. If invited for an interview you will be grilled by some of the best in the business, and if you answer everything right and come off as a nice guy you should be in. Bonus points for things like writing your own tools, including a link to your github profile, articles you have written etc.

Khannie · 31-01-2014 3:10pm

syklops wrote: »

My favourite bit is

I lol'd hard at that when I read it initially.

syklops wrote: »

The CEH, is, imo, a load of bollox

I think that's really harsh. I did it recently and learned a lot doing it.

syklops · 31-01-2014 3:39pm

Khannie wrote: »

I lol'd hard at that when I read it initially.

I think that's really harsh. I did it recently and learned a lot doing it.

Its a few years since I did it so maybe it has improved. Funnily enough the ECSA which I did straight after I found invaluable and learned loads from it.. I dont think I will ever need to make a virus for work purposes. Especially in such a half assed script kiddie way.

Blowfish · 31-01-2014 3:47pm

Khannie wrote: »

I think that's really harsh. I did it recently and learned a lot doing it.

I suppose it depends how you view it. From my own experiences I'd say it's equivalent of the Network+. If you are starting completely from scratch Network+ will give you a somewhat ok overview, but on it's own really wouldn't be enough to become a network admin.

Personally I did the CEH precisely because it was piss easy and for some reason I haven't quite worked out yet, can be quite HR friendly. I'll probably end up doing the CISSP for similar reasons.

h57xiucj2z946q · 31-01-2014 4:51pm

What sort of salary are we looking at?

Khannie · 31-01-2014 5:10pm

Blowfish wrote: »

I suppose it depends how you view it. From my own experiences I'd say it's equivalent of the Network+. If you are starting completely from scratch Network+ will give you a somewhat ok overview, but on it's own really wouldn't be enough to become a network admin.

Agreed. It's not enough to be a pentester by a long shot, but I think it's a decent certification none the less. I'm not familiar with network+ but to me it seems a bit like Red Hat. They have the certified sys admin, which most linux geeks would find handy, then the certified engineer is supposed to be difficult by all accounts.

CEH to me = has a decent understanding of security practices. ECSA / LPT seems (approximately) equivalent to the RHCE for security people.

Blowfish · 31-01-2014 5:59pm

Khannie wrote: »

CEH to me = has a decent understanding of security practices. ECSA / LPT seems (approximately) equivalent to the RHCE for security people.

Actually in terms of the exams themselves I'd say the OSCP is more in line with RHCE as both are 100% hands on exams, which would be my preference. From what I've seen the ECSA though useful, is much more of a brain dump, similar to MSCE stuff.

syklops · 01-02-2014 12:12am

Khannie wrote: »

Agreed. It's not enough to be a pentester by a long shot, but I think it's a decent certification none the less. I'm not familiar with network+ but to me it seems a bit like Red Hat. They have the certified sys admin, which most linux geeks would find handy, then the certified engineer is supposed to be difficult by all accounts.

CEH to me = has a decent understanding of security practices. ECSA / LPT seems (approximately) equivalent to the RHCE for security people.

RHCE is hard. I failed it. Plan to resit it, but not sure when Ill have time. Next exam is 3 months time which is the GWAPT.

Like I said, maybe the CEH has matured since I did it which was I think version 4 approximately 4-5 years ago. Create your own virus by using a binder to put Netcat into a simple computer game. Didnt like their definition of some terms, like zero-day,

Again, the ECSA which was the follow on one, which never gets a message, I learnt a lot of traffic analysis and deployed an IDS, but the CEH gets the headlines because it has the word hacker in the title.

Id love to try the OSCP.

Harold Weiss · 03-02-2014 10:35am

I have an interest in computer security but seem to lack certifications/qualifications/experience/attitude required for such roles at least from the perspective of some HR departments.

The conversations I've had with some HR departments goes a little like.

Me:"I can program in several languages quite well and regularly research security related issues. You can see some of my work on this site, please take a look"
HR:"Do you have a degree"?
Me:"No, I don't but if you look at my wor..."
HR:"Ideally, we're searching for candidates that have a third level degree or relevant experience. It seems you would qualify for sales personnel right now if you're interested."
Me: No, thank you.

Despite having demonstrable skills in computer security more than some students with a third level degree, it doesn't seem to be enough.

syklops · 03-02-2014 11:02am

Harold Weiss wrote: »

I have an interest in computer security but seem to lack certifications/qualifications/experience/attitude required for such roles at least from the perspective of some HR departments.

The conversations I've had with some HR departments goes a little like.

Me:"I can program in several languages quite well and regularly research security related issues. You can see some of my work on this site, please take a look"
HR:"Do you have a degree"?
Me:"No, I don't but if you look at my wor..."
HR:"Ideally, we're searching for candidates that have a third level degree or relevant experience. It seems you would qualify for sales personnel right now if you're interested."
Me: No, thank you.

Despite having demonstrable skills in computer security more than some students with a third level degree, it doesn't seem to be enough.

I dont have a degree and I got a job here. Drop me a PM with your CV if you want.

beauf · 03-02-2014 12:22pm

=Harold Weiss;88807890....The conversations I've had with some HR departments goes a little like....

Despite having demonstrable skills in computer security more than some students with a third level degree, it doesn't seem to be enough.

Some HR and agencies are simply box ticking applications. You'll never get past that as its a not a smart process. Many of them don't understand the technologies they are ticking off.

03-02-2014 8:28pm

syklops wrote: »

I dont have a degree and I got a job here. Drop me a PM with your CV if you want.

Was trying to figure out who this was for a moment

And qualifications aren't important its your attitude that is, you need to have an interest in this stuff as you'll be constantly learning all the time.

Integrity also invest heavily in their employees education if you show interest, great place to work.

Harold Weiss · 04-02-2014 12:35am

Deleted User wrote: »

Was trying to figure out who this was for a moment

And qualifications aren't important its your attitude that is, you need to have an interest in this stuff as you'll be constantly learning all the time.

Integrity also invest heavily in their employees education if you show interest, great place to work.

I've had an interest for well over 10 years.
What I don't have is experience/qualifications/certifications and those are what most companies seem to be interested in.

syklops · 04-02-2014 2:25pm

Harold Weiss wrote: »

I've had an interest for well over 10 years.
What I don't have is experience/qualifications/certifications and those are what most companies seem to be interested in.

As Niall said, not all companies. An ability to demonstrate your knowledge and you're home free.

Harold Weiss · 04-02-2014 2:44pm

syklops wrote: »

As Niall said, not all companies. An ability to demonstrate your knowledge and you're home free.

What about your company?

What companies would make exceptions?

syklops · 04-02-2014 4:21pm

Harold Weiss wrote: »

What about your company?
What companies would make exceptions?

Niall works with me in Integrity Solutions.

I don't know what other ones make exceptions.

Harold Weiss · 05-02-2014 6:02am

syklops wrote: »

Niall works with me in Integrity Solutions.

I don't know what other ones make exceptions.

okay, np.

Sent you my CV anyway. If you know of any companies that might be looking for someone like me, please let me know. I'm willing to move outside Ireland if required. (preferably inside EU)

sawdoubters · 05-02-2014 6:30am

are they minimum wage jobs,

that's why your finding it hard to fill them

syklops · 05-02-2014 8:45am

sawdoubters wrote: »

are they minimum wage jobs,

that's why your finding it hard to fill them

There is no penetration tester in the country on minimum wage.

Harold Weiss · 05-02-2014 9:38am

syklops wrote: »

There is no penetration tester in the country on minimum wage.

I would if I got some work experience out of it.

stupid head · 05-02-2014 2:01pm

Harold Weiss wrote: »

I would if I got some work experience out of it.

Next you'll say you'll do it for nothing on jobbridge.

Harold Weiss · 05-02-2014 2:18pm

stupid head wrote: »

Next you'll say you'll do it for nothing on jobbridge.

LOL

Yep, I probably would.

stupid head · 05-02-2014 6:45pm

Aaaaaaaaaaaaaaaaaaaaaah.

industrialhorse · 06-02-2014 11:08am

I am just 4 months into an information security analyst internship and it most certainly isnt the kind of internship wages that the likes of jobsbridge pay:cool:

Harold Weiss · 06-02-2014 1:30pm

industrialhorse wrote: »

I am just 4 months into an information security analyst internship and it most certainly isnt the kind of internship wages that the likes of jobsbridge pay:cool:

Agreed. From my point of view though, without meeting criteria demanded by some companies (qualifications/certifications/experience) you don't have many options. Talking about myself here. So even If I worked for a company earning minimum wage, if I was able to attain experience, that's good enough for me. Obviously it's not a good deal for everyone.

syklops · 06-02-2014 3:15pm

Harold Weiss wrote: »

Agreed. From my point of view though, without meeting criteria demanded by some companies (qualifications/certifications/experience) you don't have many options. Talking about myself here. So even If I worked for a company earning minimum wage, if I was able to attain experience, that's good enough for me. Obviously it's not a good deal for everyone.

For traditional corporate infosec type positions there often is the "Minimum 5 years experience", but really nowadays security is a very easy domain to get into. Getting the "hackers perspective" is very sexy and desirable now. Some tips for the infosec wannabe:

Get a github account and host some projects there
Get a blog and keep it security-oriented
Join twitter and again try and keep it security oriented
Go to some conferences
Go to chapter meetings - HoneyN3t, 2600, Tog etc
Build an attack lab at home with a wide range of technologies and be familiar with them and their deployment,
Very importantly, accentuate any roles in current or previous roles that are security related on your CV(firewalls/AV, patch management, System Administration etc)

AaronToal87 · 12-02-2014 2:47pm

Hey I like the way the people you work for think I don't believe you need to spend loads of money on degrees, I believe you should get a job and start at the bottom (You have to have some knowledge of the field i.e basic Networking, Security, Linux and maybe some coding) start of with a mentor who will show you the basics and send you on your way to working full time and then the company should send you to college for the degrees.

I work in IT Security and this is what my boss has done for me I had knowledge of most computer stuff (Networking, Security, Nmap, Java, C++, Python, HTML5, CSS3, Linux (Ubuntu,Backtrack 5 & Kali Linux) so my boss started training me to be the company Pen Tester and I love it I don't even mind doing the write up after the test haha.

AdNet · 07-04-2014 11:03pm

Hi guys,

Can you recomend me where to look for a contract jobs (from home) as a PenTester/Ethical Hacker?
Yes - I have an experience and relevant cert. on IT Security level

Best for me will be medium-short projects & work from home.

syklops · 08-04-2014 10:12am

AdNet wrote: »

Hi guys,

Can you recomend me where to look for a contract jobs (from home) as a PenTester/Ethical Hacker?
Yes - I have an experience and relevant cert. on IT Security level

Best for me will be medium-short projects & work from home.

I don't know but if you find out can you let me/us know?

I love Pen testing, but doing it in a suit and in a corporate environment can be annoying. Being able to do it from home in my pyjamas would be awesome. Come to think of it, Saturday was awesome.

dolann · 10-09-2016 4:26pm

Hey syklops,

I have just finished a Master Degree in Information Security and Digital Forensics, and have come from a Construction / Design discipline with over 17 years experience. I returned to college when the down turn came in this sector. Are there still openings within your company?

syklops · 10-09-2016 5:37pm

dolann wrote: »

Hey syklops,

I have just finished a Master Degree in Information Security and Digital Forensics, and have come from a Construction / Design discipline with over 17 years experience. I returned to college when the down turn came in this sector. Are there still openings within your company?

Probably, but I dont work there any more :pac:

knotknowbody · 11-09-2016 11:42am

Hey dolann, yes Integrity are hiring at all levels at the minute.

Did you do the masters in blanch, we have a couple from there started recently(in the last month) in the level1 team, it involves shift work about 4 nights per month, but is a great place to learn and figure out which area of infosec you really want to get into as you will see a bit of everything, www.integrity360.com and click on careers to see all the positons.

SOC Analyst(1st Level) is where graduates are usually hired although there is also a graduate pen tester position open at the minute.

dolann · 11-09-2016 3:19pm

Thanks for that KnotKnowbody,
I did the Masters in Blanch alright! I will look into integrity 360 today. That sounds great the variety in the job......

syklops · 12-09-2016 11:27am

dolann wrote: »

Thanks for that KnotKnowbody,
I did the Masters in Blanch alright! I will look into integrity 360 today. That sounds great the variety in the job......

The fact is InfoSec in Ireland is booming. A few years ago it was only IT companies who hired fulltime security people, now everyone wants their own. You will not have difficulty finding work, and you are in the enviable position of being able to choose what you do, where and for whom.

_Tombstone_ · 12-09-2016 11:49am

What do you say to your boss when he comes to see why the fox is gone with the chickens??

The whole industry is....what, comical really as everyone is been hacked to sh1t.

syklops · 12-09-2016 11:54am

_Tombstone_ wrote: »

What do you say to your boss when he comes to see why the fox is gone with the chickens??

The whole industry is....what, comical really as everyone is been hacked to sh1t.

You say "I told you this would happen, but did you believe me? No. I said we needed to patch the firewalls against the shadow group exploits but you wouldnt sign off on the overtime. I said we needed a pen test done to see what was exploitable but 'upstairs' wouldnt pay for it, and I said we needed end to end encryption on the laptops, and you pencilled that in for a project for next May."

testaccount123 · 12-09-2016 11:58am

_Tombstone_ wrote: »

The whole industry is....what, comical really as everyone is been hacked to sh1t.

Good, plenty of high paid work out there so

_Tombstone_ · 12-09-2016 12:08pm

syklops wrote: »

You say "I told you this would happen, but did you believe me? No. I said we needed to patch the firewalls against the shadow group exploits but you wouldnt sign off on the overtime. I said we needed a pen test done to see what was exploitable but 'upstairs' wouldnt pay for it, and I said we needed end to end encryption on the laptops, and you pencilled that in for a project for next May."

What do you when it happens after all that?

Joe Exotic · 12-09-2016 12:23pm

_Tombstone_ wrote: »

What do you when it happens after all that?

Well its how you report it and deal with it internally, its not enough that you tell your boss you need to drive it home by ensuring that there is a written record of the report, also get it put on the risk register that way boss or risk committee need to accept the risk.

If that risk is then realised they are responsible or at least officially aware it was possible.

at the end of the day its all about ensuring that the risks sits with the correct people, this is almost never the IT department.

That is the hardest culture change to implement once managers realise that its actually their risk not the IT departments, suddenly they become far more supportive in risk mitigation and avoidance.

IamMetaldave · 12-09-2016 12:57pm

murphk wrote: »

_Tombstone_ wrote: »

What do you when it happens after all that?

Well its how you report it and deal with it internally, its not enough that you tell your boss you need to drive it home by ensuring that there is a written record of the report, also get it put on the risk register that way boss or risk committee need to accept the risk.

If that risk is then realised they are responsible or at least officially aware it was possible.

at the end of the day its all about ensuring that the risks sits with the correct people, this is almost never the IT department.

That is the hardest culture change to implement once managers realise that its actually their risk not the IT departments, suddenly they become far more supportive in risk mitigation and avoidance.

That is probably one of best pieces of advice I've seen given on Boards.

Ownership of Risk is key. When a boss/board is signing off on not doing a piece of work and they own that risk in the register at the end of the day you have told them it's an issue, you have done your job.

Blowfish · 12-09-2016 6:39pm

IamMetaldave wrote: »

That is probably one of best pieces of advice I've seen given on Boards.

Ownership of Risk is key. When a boss/board is signing off on not doing a piece of work and they own that risk in the register at the end of the day you have told them it's an issue, you have done your job.

Indeed. Most people in Infosec start out with a 'fix all the things' attitude. While a laudible goal, probably the most important lesson you'll learn is that that's not what you are there for. Also, as hard as it may sometimes be to accept, you need to realise that business leaders signing off on a risk may actually be the correct decision on their part, even if the vulnerability remains.

moc moc a moc · 13-09-2016 2:46am

Blowfish wrote: »

you need to realise that business leaders signing off on a risk may actually be the correct decision on their part, even if the vulnerability remains.

Understanding this (the business view of things) is a key aspect of maturity in the industry. I can't help but think of the Fight Club quote, though:

Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.

mach1982 · 26-09-2016 8:06pm

syklops wrote: »

For traditional corporate infosec type positions there often is the "Minimum 5 years experience", but really nowadays security is a very easy domain to get into. Getting the "hackers perspective" is very sexy and desirable now. Some tips for the infosec wannabe:

Get a github account and host some projects there
Get a blog and keep it security-oriented
Join twitter and again try and keep it security oriented
Go to some conferences
Go to chapter meetings - HoneyN3t, 2600, Tog etc
Build an attack lab at home with a wide range of technologies and be familiar with them and their deployment,
Very importantly, accentuate any roles in current or previous roles that are security related on your CV(firewalls/AV, patch management, System Administration etc)

Currently in IT support ( 9 years) but want to get out I want to be my own boss and I am a bit of a crossroads.

I've always had interest in Hacking and security, but I live the sticks , so there not many people into computers especially security . I've messed around with Kail/Backtrack , bought books on OSes, programming languages( all O'Reilly) hacking and metasploit . I've watch the Hak5 podcast from the season 1 when Wes was the co host and the other week I set up a open wrt wifi repeater to get wifi to my brother house next-door.

So I got a couple of questions to , I know they might sound stupid so forgive me in advance.

1. What type of projects should you host on your github. I once built a very very basic port scanner in Perl once. I'm no software developer but I can hack together scripts .

2. Dose non industry experience count? , i.e hacking you own wifi or neighbours ( with their permission) or just paying about with metasploit seeing with if you take control of a old laptop or android phone( that was fun discover messages I deleted were still there) .

Thanks .

Blowfish · 26-09-2016 8:26pm

mach1982 wrote: »

1. What type of projects should you host on your github. I once built a very very basic port scanner in Perl once. I'm no software developer but I can hack together scripts .

2. Dose non industry experience count? , i.e hacking you own wifi or neighbours ( with their permission) or just paying about with metasploit seeing with if you take control of a old laptop or android phone( that was fun discover messages I deleted were still there) .

Thanks .

While creating a unique tool to address a need no one else has is obviously going to put you in a much better spot than most, for starting out, you could actually just combine the two points above. You could get a lab setup or find a few intentionally vulnerable VM's, write scripts specifically targeting them and document clear and methodical walkthroughs for your approach and how you exploited them. Demoing that you can learn the technical bits and (in some senses more importantly) that you can explain what you did in a clear and understandable manner and you'll be golden.

mach1982 · 28-09-2016 3:26pm

I saw this
http://www.bordnamona.ie/company/careers/current-vacancies/career/it-security-officer/

Was tempted for about a second to apply as it close to where I live to but don't think I would have chance , (yet).

I had apply to BnaM before and they got me do a silly aptitude test. I 'm slightly dyslexic, so don't do well on throes tests cause always I am second guessing myself

I have taken the advice above and set a up virtual lab . I already had installed a a couple win xp, win 7, and win10 vms, and had set up Kali as a vm but never install it on the virtual disk , tried once and it failed for some reason so started all over again . Found a nice guide online and got it installed last night. Next step download measplotable , and see if can get the VM to recognise an USB wifi adapter, and some fun ....

testicles · 29-09-2016 12:09pm

This post has been deleted.

Security Jobs in Dublin

Comments