Contract Web Security Consultant

Job description

We’re looking for a website security consultant to do occasional work for us reviewing the deployment of our public website and suggesting and / or implementing changes to help prevent interruption of availability or the execution of malicious code.

This is a contract position that will require occasional work on specific tasks.

This is a work-from-home / casual position.

What we’re looking for

We’re looking for a website security consultant to look at our public facing website and provide a security audit and recommendations for security procedures to prevent data loss or the successful execution of malicious code (such as the installation of spam SMTP scripts).

Our website is pretty typical of those for mid-size companies: we have a website running on a Joomla / LAMP stack, on a commercial web host that uses cPanel for site management. In our case, we use BlueHost’s dedicated hosting features.

While we maintain site backups and regularly update our open-source site components, we have noticed a steady drumbeat of attacks on our site, probing us with common exploits for popular CMS platforms and site configurations. We want to make certain that we are doing everything appropriate, and possible within the limitations of our technology stack to ensure that our site is not compromised.

We are especially concerned about the possibility of our primary domain being blacklisted in the event that an attacker successfully implements an SMTP spam script. Since we are a defense technology company, it would be detrimental to our brand if our website falls victim to a common exploit.

While commercial web hosts like ours do implement organizational security, we are not able to evaluate how effective their security is.

We would like an audit of our deployment, and recommendations for hardening and maintaining our site security.

The good news is that this is a simple brochureware website, with no ecommerce components and no online client or consumer data that can be stolen or compromised. For this reason, this is a small engagement that should only take a few days to complete.

Duties Include

  • Examine the current website technology stack (with the understanding that we do not intend to replace the current site)
  • Talk with the hosting support team to determine and evaluate the security implemented at their organizational level
  • Make recommendations for any immediate changes or hardening required
  • Create a strategy for ongoing security procedures and site updates (in addition to those already in place)
  • Create a disaster recovery strategy in the event of a successful hack

You Have

  • A Canadian security clearance or eligibility to obtain one
  • A post-secondary degree in a field related to Computer Science or Engineering or equivalent relevant experience
  • Demonstrated experience with popular open source CMS platforms like Joomla and Drupal
  • Demonstrated knowledge of commercial website hosting services like GoDaddy and BlueHost

Experience in the following areas:

  • Common website security strategies
  • Enterprise website security practices

It Would be Great if You Have...

Experience in some of the following areas depending on the project and role:

  • Experience with or knowledge of the cPanel ecosystem
  • Experience with disaster recovery in the event of site hacks, domain blacklists and other similar incidents

How to Apply

Visit our website at www.kongsberggeospatial.com to learn more about us. If you fulfill the requirements and skills listed above, we look forward to hearing from you.

Please apply by e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it., quoting the job title “Security Consultant” and attaching your resume in PDF format only.

Due to the volume of applicants, only those selected for an interview will be contacted. We appreciate your interest in Kongsberg Geospatial.

Kongsberg Geospatial is a fully owned subsidiary of Kongsberg Defence & Aerospace
Kongsberg Geospatial is a wholly-owned subsidiary of Kongbserg Defense and Aerospace
Kongsberg Geospatial Ltd.
United States and Canada
1-800-267-7330
WorldWide
1-613-271-5500
This email address is being protected from spambots. You need JavaScript enabled to view it.