hero

Find your next cybersecurity opportunity

237
companies
434
Jobs

Security Consultant

NCC Group

NCC Group

Administration, IT
United States · Remote
Posted 6+ months ago

Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.

We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.

We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference and we want you to join in our mission, to make the world safer and more secure.

Take a look at our website here to learn more about why we’re one of the leading global Cyber Security and Risk Mitigation business…

We are looking for security-focused engineers and researchers to join our security consulting and research practice. Job duties will include penetration testing, security analysis, and cutting-edge research into current technologies and attacks.

What you’ll be doing:

You will spend most of your day thinking about security systems and how you can break them. This is a very creative job that gives individuals a lot of freedom to be clever while learning new technologies at a very fast pace. Typical engagements will pair you with another experienced security consultant, and you will learn from each other along the way. Engagements are usually 2-4 weeks long. During your normal customer work, you will be exposed to a wide variety of products and technology stacks. You will have enormous impact in making the software people use safer. You will also be a security researcher, with dedicated research time.

The Work:

A normal client engagement will last approximately 2-4 weeks, and involve anywhere from 1-3 consultants. There are definitely exceptions, though. We test web applications and mobile apps, networks, sandboxes, kernel components, custom client-server applications, hardware and firmware, stand-alone applications and more, and also do some social engineering and physical penetration testing. Our customers are a mix of large software, hardware, and hosted application providers, start-ups, financial services companies, and more. Just today, you’ve probably used a lot of things we’ve tested. We crawl around in the ventilation ducts of the world's most popular and important applications.

We are a consultancy and so go to clients’ sites when necessary. That being said, we’re always working with clients to deliver remote work whenever possible. We presume if you take up residence in a city, it’s because you want to be there. We try to proactively monitor travel so that no one is constantly being sent around the country (unless they volunteer). By and large, we are a company run by security consultants, and we have no interest in burning ourselves out.

Research:

Research is at the foundation of NCC Group and the work that we do. We speak at top-tier security conferences all over the world. All of our consultants receive time and resources to support their research endeavors. Research is rewarded with substantial bonuses for speaking at conferences, writing whitepapers, and creating tools. Mostly, though, we like to let our research speak for itself.

NCC Group sponsors numerous security events around the country, including a quarterly security speaker series, NCC Open Forum, in every region where we have an office. We support great research, regardless of its origin.

The Hiring Process:

We believe we are the best in the industry at what we do. We’re always looking to add great people to our team.

Are you a seasoned infosec consultant? Have you always been interested in security but not sure how to land a career in it? Do you know how to develop and write code, but don’t know how that translates into a security role? Are you graduating soon from a security program and want to join our team? Great! No matter which of these applies, you’ve come to the right place. Apply online via the link below:

We like our recruiting process to be transparent to our candidates. It roughly consists of the following steps:

  • An initial call between you and a member of our team. We’ll tell you more about the company, the work that we do, a day in the life of one of our consultants, and why we think NCC Group is a great place to work. Our pitch, basically. You’ll surely have some questions for us. Ask away! We will also have some basic technical questions on this call, but they are more for scoping your experience, rather than to determine if you move forward. You will move forward past this point.
  • Technical phone interviews. We’ll connect you with members of our team for more in-depth technical conversations to see what you know and how your mind works.
  • Practical challenges. We have several at our disposal that we can use to gauge practical abilities in areas like web application, network security, and protocol analysis. Most candidates will complete both the web and protocol challenges. These challenges aren’t meant to be imposing. We will arm you with resources allowing you to prepare adequately to be successful.
  • The offer. If you made it this far, hopefully we’ve hired you!

You Have Questions:

  • How long does the process take? We try to make it as quick and painless as possible. That said, a lot will depend on your experience level, and the time you need to prepare for the challenges. 90% of the process is done on your schedule and at your convenience. The nice part about us always hiring is that you don’t have to compete for open positions. Our hope is that the process can be completed in about 3-4 weeks, though we can accommodate shorter or longer timelines. Sitting on an offer and need us to light a fire under the process? Just let us know!
  • How many open positions do you have? We are constantly seeking qualified security consultants. There may be a predetermined number of operational positions in sales, project management, etc.
  • Can I work remotely for NCC Group? The short answer is maybe. We set the bar high for our remote employees in terms of skillset and experience, as they won’t have the same access to training, management support, etc. Our remote employees must also be more open to travel, as we want to get them on-site to work with their coworkers in person.
  • Do you mostly do web application pen testing? No, the work we do runs the gamut. At any given point, around 50-75% of our work involves a web server, but much of that is mobile or server-to-server applications. For the rest, we get great engagements in network security, cryptography, social engineering, physical penetration tests, and much more.


The NCC Group family has over 2,200 members located all around the world, providing a trusted advisory service to 15,000 customers. Born in the UK, we have now have offices in North America, Canada, Europe, Asia- Pacific and United Arab Emirates.

We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. We fuel that passion with investment in our people and our business.

Our values and code of ethics are at the heart of how we operate – we work together, we are brilliantly creative and we embrace difference. We treat everyone and everything with equal respect.

We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, sharing their personal experiences to represent the diversity of the world they live in, and have equal opportunity to achieve their best.

About your application

We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.

If you do not want us to retain your details, please email global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Policy. We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.