Security Jobs in Dublin

syklops

The mods have kindly allowed me to put up a thread with some Security related jobs which are vacant in the company I work for.

To begin with, let me state that I am receiving no monetary reward for any successful boardsies who are successful with their application. I'm not a recruiter, Im a security consultant.

Integrity Solutions, based in Dublin are currently hiring Penetration Testers, Information Security Analysts and Security Infrastructure Engineers.

If any one is interested in learning more, send me a PM.


Thanks

timmywex

On a more general note in relation to the jobs front. Many of the security/pen testing companies in Dublin are hiring or always looking to expand. If there's anyone reading that's thinking of trying to get into the area it's a great place to be - quite technical, fast moving and plenty of opportunity across the industry and all the varying area's that make up the current IT security field!

Similar to Skylops, drop me a PM with any questions you have :-)

syklops

timmywex wrote: »

On a more general note in relation to the jobs front. Many of the security/pen testing companies in Dublin are hiring or always looking to expand. If there's anyone reading that's thinking of trying to get into the area it's a great place to be - quite technical, fast moving and plenty of opportunity across the industry and all the varying area's that make up the current IT security field!

Similar to Skylops, drop me a PM with any questions you have :-)

Yes absolutely, we are not the only people recruiting. In fact we are trying to poach from our competitors, just as they are trying to poach from us. IT Security is one of the areas which is booming at the moment, and rarely has a lull. Its a great industry to consider if you are currently studying.

stupid head

Do ya ever do out Pen Reports like this??


















































I kid.

Blowfish

Not looking to switch immediately, but what sort of level (experience/certs) would you be expected to be at while starting out as a pentester? Would coming at this from several years of a mostly blue, sometimes red team role plus CEH, CCNA and OSCP be likely to put you in a good spot?

syklops

stupid head wrote: »

Do ya ever do out Pen Reports like this??

I dont know how many times thats been forwarded to me in the last couple of days. My favourite bit is:

“MySQL configured to allow connections from 127.0.0.1. Recommend configuration change to not allow remote connections.”……….

Not looking to switch immediately, but what sort of level (experience/certs) would you be expected to be at while starting out as a pentester? Would coming at this from several years of a mostly blue, sometimes red team role plus CEH, CCNA and OSCP be likely to put you in a good spot?

That would put you in an excellent spot. About 80% of our pen tests are Web App based, so even no certs but previous web dev experience would put you in the running. The CEH, is, imo, a load of bollox, but the other two will hold you in very good standing.


What certs do I need, is a question I have been asked numerous times since I put the ad up. Truth is none. If invited for an interview you will be grilled by some of the best in the business, and if you answer everything right and come off as a nice guy you should be in. Bonus points for things like writing your own tools, including a link to your github profile, articles you have written etc.

Khannie

syklops wrote: »

My favourite bit is

I lol'd hard at that when I read it initially.

syklops wrote: »

The CEH, is, imo, a load of bollox

I think that's really harsh. I did it recently and learned a lot doing it.

syklops

Khannie wrote: »

I lol'd hard at that when I read it initially.



I think that's really harsh. I did it recently and learned a lot doing it.

Its a few years since I did it so maybe it has improved. Funnily enough the ECSA which I did straight after I found invaluable and learned loads from it.. I dont think I will ever need to make a virus for work purposes. Especially in such a half assed script kiddie way.

Blowfish

Khannie wrote: »

I think that's really harsh. I did it recently and learned a lot doing it.

I suppose it depends how you view it. From my own experiences I'd say it's equivalent of the Network+. If you are starting completely from scratch Network+ will give you a somewhat ok overview, but on it's own really wouldn't be enough to become a network admin.

Personally I did the CEH precisely because it was piss easy and for some reason I haven't quite worked out yet, can be quite HR friendly. I'll probably end up doing the CISSP for similar reasons.

h57xiucj2z946q

What sort of salary are we looking at?

Khannie

Blowfish wrote: »

I suppose it depends how you view it. From my own experiences I'd say it's equivalent of the Network+. If you are starting completely from scratch Network+ will give you a somewhat ok overview, but on it's own really wouldn't be enough to become a network admin.

Agreed. It's not enough to be a pentester by a long shot, but I think it's a decent certification none the less. I'm not familiar with network+ but to me it seems a bit like Red Hat. They have the certified sys admin, which most linux geeks would find handy, then the certified engineer is supposed to be difficult by all accounts.

CEH to me = has a decent understanding of security practices. ECSA / LPT seems (approximately) equivalent to the RHCE for security people.

Blowfish

Khannie wrote: »

CEH to me = has a decent understanding of security practices. ECSA / LPT seems (approximately) equivalent to the RHCE for security people.

Actually in terms of the exams themselves I'd say the OSCP is more in line with RHCE as both are 100% hands on exams, which would be my preference. From what I've seen the ECSA though useful, is much more of a brain dump, similar to MSCE stuff.

syklops

Khannie wrote: »

Agreed. It's not enough to be a pentester by a long shot, but I think it's a decent certification none the less. I'm not familiar with network+ but to me it seems a bit like Red Hat. They have the certified sys admin, which most linux geeks would find handy, then the certified engineer is supposed to be difficult by all accounts.

CEH to me = has a decent understanding of security practices. ECSA / LPT seems (approximately) equivalent to the RHCE for security people.

RHCE is hard. I failed it. Plan to resit it, but not sure when Ill have time. Next exam is 3 months time which is the GWAPT.

Like I said, maybe the CEH has matured since I did it which was I think version 4 approximately 4-5 years ago. Create your own virus by using a binder to put Netcat into a simple computer game. Didnt like their definition of some terms, like zero-day,

Again, the ECSA which was the follow on one, which never gets a message, I learnt a lot of traffic analysis and deployed an IDS, but the CEH gets the headlines because it has the word hacker in the title.

Id love to try the OSCP.

Harold Weiss

I have an interest in computer security but seem to lack certifications/qualifications/experience/attitude required for such roles at least from the perspective of some HR departments.

The conversations I've had with some HR departments goes a little like.

Me:"I can program in several languages quite well and regularly research security related issues. You can see some of my work on this site, please take a look"
HR:"Do you have a degree"?
Me:"No, I don't but if you look at my wor..."
HR:"Ideally, we're searching for candidates that have a third level degree or relevant experience. It seems you would qualify for sales personnel right now if you're interested."
Me: No, thank you.

Despite having demonstrable skills in computer security more than some students with a third level degree, it doesn't seem to be enough.

syklops

Harold Weiss wrote: »

I have an interest in computer security but seem to lack certifications/qualifications/experience/attitude required for such roles at least from the perspective of some HR departments.

The conversations I've had with some HR departments goes a little like.

Me:"I can program in several languages quite well and regularly research security related issues. You can see some of my work on this site, please take a look"
HR:"Do you have a degree"?
Me:"No, I don't but if you look at my wor..."
HR:"Ideally, we're searching for candidates that have a third level degree or relevant experience. It seems you would qualify for sales personnel right now if you're interested."
Me: No, thank you.

Despite having demonstrable skills in computer security more than some students with a third level degree, it doesn't seem to be enough.

I dont have a degree and I got a job here. Drop me a PM with your CV if you want.

beauf

=Harold Weiss;88807890....The conversations I've had with some HR departments goes a little like....

Despite having demonstrable skills in computer security more than some students with a third level degree, it doesn't seem to be enough.

Some HR and agencies are simply box ticking applications. You'll never get past that as its a not a smart process. Many of them don't understand the technologies they are ticking off.

syklops

syklops wrote: »

I dont have a degree and I got a job here. Drop me a PM with your CV if you want.

Was trying to figure out who this was for a moment

And qualifications aren't important its your attitude that is, you need to have an interest in this stuff as you'll be constantly learning all the time.

Integrity also invest heavily in their employees education if you show interest, great place to work.

Harold Weiss

Deleted User wrote: »

Was trying to figure out who this was for a moment

And qualifications aren't important its your attitude that is, you need to have an interest in this stuff as you'll be constantly learning all the time.

Integrity also invest heavily in their employees education if you show interest, great place to work.

I've had an interest for well over 10 years.
What I don't have is experience/qualifications/certifications and those are what most companies seem to be interested in.

syklops

Harold Weiss wrote: »

I've had an interest for well over 10 years.
What I don't have is experience/qualifications/certifications and those are what most companies seem to be interested in.

As Niall said, not all companies. An ability to demonstrate your knowledge and you're home free.

Harold Weiss

syklops wrote: »

As Niall said, not all companies. An ability to demonstrate your knowledge and you're home free.

What about your company?
What companies would make exceptions?

syklops

Harold Weiss wrote: »

What about your company?
What companies would make exceptions?

Niall works with me in Integrity Solutions.

I don't know what other ones make exceptions.

Harold Weiss

syklops wrote: »

Niall works with me in Integrity Solutions.

I don't know what other ones make exceptions.

okay, np.

Sent you my CV anyway. If you know of any companies that might be looking for someone like me, please let me know. I'm willing to move outside Ireland if required. (preferably inside EU)

sawdoubters

are they minimum wage jobs,

that's why your finding it hard to fill them

syklops

sawdoubters wrote: »

are they minimum wage jobs,

that's why your finding it hard to fill them

There is no penetration tester in the country on minimum wage.

Harold Weiss

syklops wrote: »

There is no penetration tester in the country on minimum wage.

I would if I got some work experience out of it.

stupid head

Harold Weiss wrote: »

I would if I got some work experience out of it.

Next you'll say you'll do it for nothing on jobbridge.

Harold Weiss

stupid head wrote: »

Next you'll say you'll do it for nothing on jobbridge.

LOL

Yep, I probably would.

stupid head

Aaaaaaaaaaaaaaaaaaaaaah.

industrialhorse

I am just 4 months into an information security analyst internship and it most certainly isnt the kind of internship wages that the likes of jobsbridge pay:cool:

Harold Weiss

industrialhorse wrote: »

I am just 4 months into an information security analyst internship and it most certainly isnt the kind of internship wages that the likes of jobsbridge pay:cool:

Agreed. From my point of view though, without meeting criteria demanded by some companies (qualifications/certifications/experience) you don't have many options. Talking about myself here. So even If I worked for a company earning minimum wage, if I was able to attain experience, that's good enough for me. Obviously it's not a good deal for everyone.

syklops

Harold Weiss wrote: »

Agreed. From my point of view though, without meeting criteria demanded by some companies (qualifications/certifications/experience) you don't have many options. Talking about myself here. So even If I worked for a company earning minimum wage, if I was able to attain experience, that's good enough for me. Obviously it's not a good deal for everyone.

For traditional corporate infosec type positions there often is the "Minimum 5 years experience", but really nowadays security is a very easy domain to get into. Getting the "hackers perspective" is very sexy and desirable now. Some tips for the infosec wannabe:

Get a github account and host some projects there
Get a blog and keep it security-oriented
Join twitter and again try and keep it security oriented
Go to some conferences
Go to chapter meetings - HoneyN3t, 2600, Tog etc
Build an attack lab at home with a wide range of technologies and be familiar with them and their deployment,
Very importantly, accentuate any roles in current or previous roles that are security related on your CV(firewalls/AV, patch management, System Administration etc)