Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Security Jobs in Dublin

  • 16-01-2014 12:34pm
    #1
    Closed Accounts Posts: 18,966 ✭✭✭✭


    The mods have kindly allowed me to put up a thread with some Security related jobs which are vacant in the company I work for.

    To begin with, let me state that I am receiving no monetary reward for any successful boardsies who are successful with their application. I'm not a recruiter, Im a security consultant.

    Integrity Solutions, based in Dublin are currently hiring Penetration Testers, Information Security Analysts and Security Infrastructure Engineers.

    If any one is interested in learning more, send me a PM.


    Thanks


«1

Comments

  • Registered Users, Registered Users 2 Posts: 2,626 ✭✭✭timmywex


    On a more general note in relation to the jobs front. Many of the security/pen testing companies in Dublin are hiring or always looking to expand. If there's anyone reading that's thinking of trying to get into the area it's a great place to be - quite technical, fast moving and plenty of opportunity across the industry and all the varying area's that make up the current IT security field!

    Similar to Skylops, drop me a PM with any questions you have :-)


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    timmywex wrote: »
    On a more general note in relation to the jobs front. Many of the security/pen testing companies in Dublin are hiring or always looking to expand. If there's anyone reading that's thinking of trying to get into the area it's a great place to be - quite technical, fast moving and plenty of opportunity across the industry and all the varying area's that make up the current IT security field!

    Similar to Skylops, drop me a PM with any questions you have :-)

    Yes absolutely, we are not the only people recruiting. In fact we are trying to poach from our competitors, just as they are trying to poach from us. IT Security is one of the areas which is booming at the moment, and rarely has a lull. Its a great industry to consider if you are currently studying.


  • Closed Accounts Posts: 114 ✭✭stupid head




  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Not looking to switch immediately, but what sort of level (experience/certs) would you be expected to be at while starting out as a pentester? Would coming at this from several years of a mostly blue, sometimes red team role plus CEH, CCNA and OSCP be likely to put you in a good spot?


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    I dont know how many times thats been forwarded to me in the last couple of days. My favourite bit is:


    “MySQL configured to allow connections from 127.0.0.1. Recommend configuration change to not allow remote connections.”……….

    Not looking to switch immediately, but what sort of level (experience/certs) would you be expected to be at while starting out as a pentester? Would coming at this from several years of a mostly blue, sometimes red team role plus CEH, CCNA and OSCP be likely to put you in a good spot?

    That would put you in an excellent spot. About 80% of our pen tests are Web App based, so even no certs but previous web dev experience would put you in the running. The CEH, is, imo, a load of bollox, but the other two will hold you in very good standing.


    What certs do I need, is a question I have been asked numerous times since I put the ad up. Truth is none. If invited for an interview you will be grilled by some of the best in the business, and if you answer everything right and come off as a nice guy you should be in. Bonus points for things like writing your own tools, including a link to your github profile, articles you have written etc.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    syklops wrote: »
    My favourite bit is

    I lol'd hard at that when I read it initially.
    syklops wrote: »
    The CEH, is, imo, a load of bollox

    I think that's really harsh. I did it recently and learned a lot doing it.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Khannie wrote: »
    I lol'd hard at that when I read it initially.



    I think that's really harsh. I did it recently and learned a lot doing it.

    Its a few years since I did it so maybe it has improved. Funnily enough the ECSA which I did straight after I found invaluable and learned loads from it.. I dont think I will ever need to make a virus for work purposes. Especially in such a half assed script kiddie way.


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Khannie wrote: »
    I think that's really harsh. I did it recently and learned a lot doing it.
    I suppose it depends how you view it. From my own experiences I'd say it's equivalent of the Network+. If you are starting completely from scratch Network+ will give you a somewhat ok overview, but on it's own really wouldn't be enough to become a network admin.

    Personally I did the CEH precisely because it was piss easy and for some reason I haven't quite worked out yet, can be quite HR friendly. I'll probably end up doing the CISSP for similar reasons.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    What sort of salary are we looking at?


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Blowfish wrote: »
    I suppose it depends how you view it. From my own experiences I'd say it's equivalent of the Network+. If you are starting completely from scratch Network+ will give you a somewhat ok overview, but on it's own really wouldn't be enough to become a network admin.

    Agreed. It's not enough to be a pentester by a long shot, but I think it's a decent certification none the less. I'm not familiar with network+ but to me it seems a bit like Red Hat. They have the certified sys admin, which most linux geeks would find handy, then the certified engineer is supposed to be difficult by all accounts.

    CEH to me = has a decent understanding of security practices. ECSA / LPT seems (approximately) equivalent to the RHCE for security people.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Khannie wrote: »
    CEH to me = has a decent understanding of security practices. ECSA / LPT seems (approximately) equivalent to the RHCE for security people.
    Actually in terms of the exams themselves I'd say the OSCP is more in line with RHCE as both are 100% hands on exams, which would be my preference. From what I've seen the ECSA though useful, is much more of a brain dump, similar to MSCE stuff.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Khannie wrote: »
    Agreed. It's not enough to be a pentester by a long shot, but I think it's a decent certification none the less. I'm not familiar with network+ but to me it seems a bit like Red Hat. They have the certified sys admin, which most linux geeks would find handy, then the certified engineer is supposed to be difficult by all accounts.

    CEH to me = has a decent understanding of security practices. ECSA / LPT seems (approximately) equivalent to the RHCE for security people.

    RHCE is hard. I failed it. Plan to resit it, but not sure when Ill have time. Next exam is 3 months time which is the GWAPT.

    Like I said, maybe the CEH has matured since I did it which was I think version 4 approximately 4-5 years ago. Create your own virus by using a binder to put Netcat into a simple computer game. Didnt like their definition of some terms, like zero-day,

    Again, the ECSA which was the follow on one, which never gets a message, I learnt a lot of traffic analysis and deployed an IDS, but the CEH gets the headlines because it has the word hacker in the title.

    Id love to try the OSCP.


  • Closed Accounts Posts: 439 ✭✭Harold Weiss


    I have an interest in computer security but seem to lack certifications/qualifications/experience/attitude required for such roles at least from the perspective of some HR departments.

    The conversations I've had with some HR departments goes a little like.

    Me:"I can program in several languages quite well and regularly research security related issues. You can see some of my work on this site, please take a look"
    HR:"Do you have a degree"?
    Me:"No, I don't but if you look at my wor..."
    HR:"Ideally, we're searching for candidates that have a third level degree or relevant experience. It seems you would qualify for sales personnel right now if you're interested."
    Me: No, thank you.

    Despite having demonstrable skills in computer security more than some students with a third level degree, it doesn't seem to be enough.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    I have an interest in computer security but seem to lack certifications/qualifications/experience/attitude required for such roles at least from the perspective of some HR departments.

    The conversations I've had with some HR departments goes a little like.

    Me:"I can program in several languages quite well and regularly research security related issues. You can see some of my work on this site, please take a look"
    HR:"Do you have a degree"?
    Me:"No, I don't but if you look at my wor..."
    HR:"Ideally, we're searching for candidates that have a third level degree or relevant experience. It seems you would qualify for sales personnel right now if you're interested."
    Me: No, thank you.

    Despite having demonstrable skills in computer security more than some students with a third level degree, it doesn't seem to be enough.

    I dont have a degree and I got a job here. Drop me a PM with your CV if you want.


  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    =Harold Weiss;88807890....The conversations I've had with some HR departments goes a little like....

    Despite having demonstrable skills in computer security more than some students with a third level degree, it doesn't seem to be enough.

    Some HR and agencies are simply box ticking applications. You'll never get past that as its a not a smart process. Many of them don't understand the technologies they are ticking off.


  • Posts: 0 [Deleted User]


    syklops wrote: »
    I dont have a degree and I got a job here. Drop me a PM with your CV if you want.

    Was trying to figure out who this was for a moment :p

    And qualifications aren't important its your attitude that is, you need to have an interest in this stuff as you'll be constantly learning all the time.

    Integrity also invest heavily in their employees education if you show interest, great place to work.


  • Closed Accounts Posts: 439 ✭✭Harold Weiss


    Was trying to figure out who this was for a moment :p

    And qualifications aren't important its your attitude that is, you need to have an interest in this stuff as you'll be constantly learning all the time.

    Integrity also invest heavily in their employees education if you show interest, great place to work.

    I've had an interest for well over 10 years.
    What I don't have is experience/qualifications/certifications and those are what most companies seem to be interested in.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    I've had an interest for well over 10 years.
    What I don't have is experience/qualifications/certifications and those are what most companies seem to be interested in.

    As Niall said, not all companies. An ability to demonstrate your knowledge and you're home free.


  • Closed Accounts Posts: 439 ✭✭Harold Weiss


    syklops wrote: »
    As Niall said, not all companies. An ability to demonstrate your knowledge and you're home free.

    What about your company? :D
    What companies would make exceptions?


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    What about your company? :D
    What companies would make exceptions?

    Niall works with me in Integrity Solutions.

    I don't know what other ones make exceptions.


  • Advertisement
  • Closed Accounts Posts: 439 ✭✭Harold Weiss


    syklops wrote: »
    Niall works with me in Integrity Solutions.

    I don't know what other ones make exceptions.

    okay, np.

    Sent you my CV anyway. If you know of any companies that might be looking for someone like me, please let me know. I'm willing to move outside Ireland if required. (preferably inside EU)


  • Banned (with Prison Access) Posts: 1,288 ✭✭✭sawdoubters


    are they minimum wage jobs,

    that's why your finding it hard to fill them


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    are they minimum wage jobs,

    that's why your finding it hard to fill them

    There is no penetration tester in the country on minimum wage.


  • Closed Accounts Posts: 439 ✭✭Harold Weiss


    syklops wrote: »
    There is no penetration tester in the country on minimum wage.

    I would if I got some work experience out of it.


  • Closed Accounts Posts: 114 ✭✭stupid head


    I would if I got some work experience out of it.

    Next you'll say you'll do it for nothing on jobbridge.


  • Closed Accounts Posts: 439 ✭✭Harold Weiss


    Next you'll say you'll do it for nothing on jobbridge.

    LOL :D

    Yep, I probably would.


  • Closed Accounts Posts: 114 ✭✭stupid head


    Aaaaaaaaaaaaaaaaaaaaaah.


  • Registered Users, Registered Users 2 Posts: 203 ✭✭industrialhorse


    I am just 4 months into an information security analyst internship and it most certainly isnt the kind of internship wages that the likes of jobsbridge pay:cool:


  • Closed Accounts Posts: 439 ✭✭Harold Weiss


    I am just 4 months into an information security analyst internship and it most certainly isnt the kind of internship wages that the likes of jobsbridge pay:cool:

    Agreed. From my point of view though, without meeting criteria demanded by some companies (qualifications/certifications/experience) you don't have many options. Talking about myself here. So even If I worked for a company earning minimum wage, if I was able to attain experience, that's good enough for me. Obviously it's not a good deal for everyone.


  • Advertisement
  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Agreed. From my point of view though, without meeting criteria demanded by some companies (qualifications/certifications/experience) you don't have many options. Talking about myself here. So even If I worked for a company earning minimum wage, if I was able to attain experience, that's good enough for me. Obviously it's not a good deal for everyone.

    For traditional corporate infosec type positions there often is the "Minimum 5 years experience", but really nowadays security is a very easy domain to get into. Getting the "hackers perspective" is very sexy and desirable now. Some tips for the infosec wannabe:

    Get a github account and host some projects there
    Get a blog and keep it security-oriented
    Join twitter and again try and keep it security oriented
    Go to some conferences
    Go to chapter meetings - HoneyN3t, 2600, Tog etc
    Build an attack lab at home with a wide range of technologies and be familiar with them and their deployment,
    Very importantly, accentuate any roles in current or previous roles that are security related on your CV(firewalls/AV, patch management, System Administration etc)


  • Registered Users, Registered Users 2 Posts: 33 AaronToal87


    Hey I like the way the people you work for think I don't believe you need to spend loads of money on degrees, I believe you should get a job and start at the bottom (You have to have some knowledge of the field i.e basic Networking, Security, Linux and maybe some coding) start of with a mentor who will show you the basics and send you on your way to working full time and then the company should send you to college for the degrees.

    I work in IT Security and this is what my boss has done for me I had knowledge of most computer stuff (Networking, Security, Nmap, Java, C++, Python, HTML5, CSS3, Linux (Ubuntu,Backtrack 5 & Kali Linux) so my boss started training me to be the company Pen Tester and I love it I don't even mind doing the write up after the test haha.


  • Closed Accounts Posts: 48 AdNet


    Hi guys,

    Can you recomend me where to look for a contract jobs (from home) as a PenTester/Ethical Hacker?
    Yes - I have an experience and relevant cert. on IT Security level

    Best for me will be medium-short projects & work from home.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    AdNet wrote: »
    Hi guys,

    Can you recomend me where to look for a contract jobs (from home) as a PenTester/Ethical Hacker?
    Yes - I have an experience and relevant cert. on IT Security level

    Best for me will be medium-short projects & work from home.

    I don't know but if you find out can you let me/us know?

    I love Pen testing, but doing it in a suit and in a corporate environment can be annoying. Being able to do it from home in my pyjamas would be awesome. Come to think of it, Saturday was awesome.


  • Registered Users, Registered Users 2 Posts: 2 dolann


    Hey syklops,

    I have just finished a Master Degree in Information Security and Digital Forensics, and have come from a Construction / Design discipline with over 17 years experience. I returned to college when the down turn came in this sector. Are there still openings within your company?


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    dolann wrote: »
    Hey syklops,

    I have just finished a Master Degree in Information Security and Digital Forensics, and have come from a Construction / Design discipline with over 17 years experience. I returned to college when the down turn came in this sector. Are there still openings within your company?

    Probably, but I dont work there any more :pac:


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 262 ✭✭knotknowbody


    Hey dolann, yes Integrity are hiring at all levels at the minute.

    Did you do the masters in blanch, we have a couple from there started recently(in the last month) in the level1 team, it involves shift work about 4 nights per month, but is a great place to learn and figure out which area of infosec you really want to get into as you will see a bit of everything, www.integrity360.com and click on careers to see all the positons.

    SOC Analyst(1st Level) is where graduates are usually hired although there is also a graduate pen tester position open at the minute.


  • Registered Users, Registered Users 2 Posts: 2 dolann


    Thanks for that KnotKnowbody,
    I did the Masters in Blanch alright! I will look into integrity 360 today. That sounds great the variety in the job......


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    dolann wrote: »
    Thanks for that KnotKnowbody,
    I did the Masters in Blanch alright! I will look into integrity 360 today. That sounds great the variety in the job......

    The fact is InfoSec in Ireland is booming. A few years ago it was only IT companies who hired fulltime security people, now everyone wants their own. You will not have difficulty finding work, and you are in the enviable position of being able to choose what you do, where and for whom.


  • Closed Accounts Posts: 3,006 ✭✭✭_Tombstone_


    What do you say to your boss when he comes to see why the fox is gone with the chickens??

    The whole industry is....what, comical really as everyone is been hacked to sh1t.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    What do you say to your boss when he comes to see why the fox is gone with the chickens??

    The whole industry is....what, comical really as everyone is been hacked to sh1t.

    You say "I told you this would happen, but did you believe me? No. I said we needed to patch the firewalls against the shadow group exploits but you wouldnt sign off on the overtime. I said we needed a pen test done to see what was exploitable but 'upstairs' wouldnt pay for it, and I said we needed end to end encryption on the laptops, and you pencilled that in for a project for next May."


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,023 ✭✭✭testaccount123


    The whole industry is....what, comical really as everyone is been hacked to sh1t.
    Good, plenty of high paid work out there so


  • Closed Accounts Posts: 3,006 ✭✭✭_Tombstone_


    syklops wrote: »
    You say "I told you this would happen, but did you believe me? No. I said we needed to patch the firewalls against the shadow group exploits but you wouldnt sign off on the overtime. I said we needed a pen test done to see what was exploitable but 'upstairs' wouldnt pay for it, and I said we needed end to end encryption on the laptops, and you pencilled that in for a project for next May."

    What do you when it happens after all that?


  • Registered Users, Registered Users 2 Posts: 572 ✭✭✭Joe Exotic


    What do you when it happens after all that?

    Well its how you report it and deal with it internally, its not enough that you tell your boss you need to drive it home by ensuring that there is a written record of the report, also get it put on the risk register that way boss or risk committee need to accept the risk.

    If that risk is then realised they are responsible or at least officially aware it was possible.

    at the end of the day its all about ensuring that the risks sits with the correct people, this is almost never the IT department.

    That is the hardest culture change to implement once managers realise that its actually their risk not the IT departments, suddenly they become far more supportive in risk mitigation and avoidance.


  • Registered Users, Registered Users 2 Posts: 3,499 ✭✭✭IamMetaldave


    murphk wrote: »
    What do you when it happens after all that?

    Well its how you report it and deal with it internally, its not enough that you tell your boss you need to drive it home by ensuring that there is a written record of the report, also get it put on the risk register that way boss or risk committee need to accept the risk.

    If that risk is then realised they are responsible or at least officially aware it was possible.

    at the end of the day its all about ensuring that the risks sits with the correct people, this is almost never the IT department.

    That is the hardest culture change to implement once managers realise that its actually their risk not the IT departments, suddenly they become far more supportive in risk mitigation and avoidance.

    That is probably one of best pieces of advice I've seen given on Boards.

    Ownership of Risk is key. When a boss/board is signing off on not doing a piece of work and they own that risk in the register at the end of the day you have told them it's an issue, you have done your job.


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    That is probably one of best pieces of advice I've seen given on Boards.

    Ownership of Risk is key. When a boss/board is signing off on not doing a piece of work and they own that risk in the register at the end of the day you have told them it's an issue, you have done your job.
    Indeed. Most people in Infosec start out with a 'fix all the things' attitude. While a laudible goal, probably the most important lesson you'll learn is that that's not what you are there for. Also, as hard as it may sometimes be to accept, you need to realise that business leaders signing off on a risk may actually be the correct decision on their part, even if the vulnerability remains.


  • Registered Users, Registered Users 2 Posts: 1,299 ✭✭✭moc moc a moc


    Blowfish wrote: »
    you need to realise that business leaders signing off on a risk may actually be the correct decision on their part, even if the vulnerability remains.

    Understanding this (the business view of things) is a key aspect of maturity in the industry. I can't help but think of the Fight Club quote, though:

    Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.


  • Registered Users, Registered Users 2 Posts: 760 ✭✭✭mach1982


    syklops wrote: »
    For traditional corporate infosec type positions there often is the "Minimum 5 years experience", but really nowadays security is a very easy domain to get into. Getting the "hackers perspective" is very sexy and desirable now. Some tips for the infosec wannabe:

    Get a github account and host some projects there
    Get a blog and keep it security-oriented
    Join twitter and again try and keep it security oriented
    Go to some conferences
    Go to chapter meetings - HoneyN3t, 2600, Tog etc
    Build an attack lab at home with a wide range of technologies and be familiar with them and their deployment,
    Very importantly, accentuate any roles in current or previous roles that are security related on your CV(firewalls/AV, patch management, System Administration etc)

    Currently in IT support ( 9 years) but want to get out I want to be my own boss and I am a bit of a crossroads.

    I've always had interest in Hacking and security, but I live the sticks , so there not many people into computers especially security . I've messed around with Kail/Backtrack , bought books on OSes, programming languages( all O'Reilly) hacking and metasploit . I've watch the Hak5 podcast from the season 1 when Wes was the co host and the other week I set up a open wrt wifi repeater to get wifi to my brother house next-door.

    So I got a couple of questions to , I know they might sound stupid so forgive me in advance.

    1. What type of projects should you host on your github. I once built a very very basic port scanner in Perl once. I'm no software developer but I can hack together scripts .

    2. Dose non industry experience count? , i.e hacking you own wifi or neighbours ( with their permission) or just paying about with metasploit seeing with if you take control of a old laptop or android phone( that was fun discover messages I deleted were still there) .

    Thanks .


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    mach1982 wrote: »
    1. What type of projects should you host on your github. I once built a very very basic port scanner in Perl once. I'm no software developer but I can hack together scripts .

    2. Dose non industry experience count? , i.e hacking you own wifi or neighbours ( with their permission) or just paying about with metasploit seeing with if you take control of a old laptop or android phone( that was fun discover messages I deleted were still there) .

    Thanks .
    While creating a unique tool to address a need no one else has is obviously going to put you in a much better spot than most, for starting out, you could actually just combine the two points above. You could get a lab setup or find a few intentionally vulnerable VM's, write scripts specifically targeting them and document clear and methodical walkthroughs for your approach and how you exploited them. Demoing that you can learn the technical bits and (in some senses more importantly) that you can explain what you did in a clear and understandable manner and you'll be golden.


  • Registered Users, Registered Users 2 Posts: 760 ✭✭✭mach1982


    I saw this
    http://www.bordnamona.ie/company/careers/current-vacancies/career/it-security-officer/

    Was tempted for about a second to apply as it close to where I live to but don't think I would have chance , (yet).

    I had apply to BnaM before and they got me do a silly aptitude test. I 'm slightly dyslexic, so don't do well on throes tests cause always I am second guessing myself

    I have taken the advice above and set a up virtual lab . I already had installed a a couple win xp, win 7, and win10 vms, and had set up Kali as a vm but never install it on the virtual disk , tried once and it failed for some reason so started all over again . Found a nice guide online and got it installed last night. Next step download measplotable , and see if can get the VM to recognise an USB wifi adapter, and some fun ....


  • Closed Accounts Posts: 1,198 ✭✭✭testicles


    This post has been deleted.


  • Advertisement
Advertisement