It would also be very useful if you would actually describe what the requirement
is, in terms that are not (as this obviously was...) excerpted from the HR job-board posting that was most likely cross-posted everywhere else you could think of.
Don't tell us "what the skills are." Saying that you want "kernel compilation" and "shell scripting" merely reveals (sorry...) that you don't really know what you're asking for.
(Hold on a second! I am speaking candidly and plainly, and of course, opinionatedly, but my intent is not to insult you or to offend you. Read on.)
Tell us "what the job is to do." Frequently, security professionals work on a contract basis and they do so remotely, knowing that once the fire is out the perceived need for a fireman quickly fades. If you've suddenly discovered for the first time that you've been hacked, or if you have some regulatory-compliance issue breathing down your neck, you need to know
what to ask for, and
how to ask for it. A
good security pro is, frankly, a great deal more savvy than the clients s/he works for, and the ordinary HR post won't hook the good fish. If the posting reveals a fundamental ignorance of the requirements, as (sorry) this one does, no one will hit it.
If you actually want your company's computers to be cleaned and secured, and
provably secure, approach it in the same way that you (or your landlord) contracts for, say, fire-protection or a watchman. There are well-defined objectives and deliverables; contractual requirements that must be continually met.
"A contract" is often the
best business arrangement, at least for your tag-team or the trainers, because it
is contractual: contract law provides much stronger recourse, in the event of "breach," than human-resources law, which is built to protect the employee. Furthermore, in security, "you are primarily interested in the results obtained." You want to buy
that, not "a smart butt (ahem) in a chair."
I suggest that you surf some of the very-best-known sites, such as
http://www.counterpane.com, and carefully observe what their business approach is. They know the business. How do
they approach you, as a prospective client? It follows that, if you wished to approach
them and to attract their serious interest, your strategy would need to be similar.
Furthermore, the act of sitting down and developing that strategy .. of deciding,
"what do we need here?", or maybe of deciding,
"you know, we really don't know what we need here, so how can we find out?", might prove to be the first
real step that you and your company will go through in its quest for meaningful security.
"Knowledge is power." Security is not a
product, it is a
method.