top of page

Position open and In screening process.

Cyber Security Compliance (Security Penetration Testing) Expert - Job ID 3687

Your Tasks:

​

  • Enforcing a comprehensive set of information security compliance measures throughout the organisation

  • Performing Supplier Assurance Evaluations

  • Launching and offering technical guidance on various Phishing Campaigns.

  • Implementing technical security measures and controls to address common threats, including those outlined in NIST, CIS Benchmarks, ISO 27001, PCI DSS, and OWASP.

  • To plan and execute complex assessments to identify vulnerabilities, weaknesses and misconfigurations for technologies used within the network environment.

  • Collaborate with other cyber defence and IT teams to evaluate the effectiveness of detective controls in place.

  • Threat Profiling: Good working knowledge of threat actors and the tactics, techniques, and procedures (TTPs)

  • Penetration Testing: Performing controlled attacks on web applications. APIs, infrastructure, and simulate real-world hacking attempts and identify potential entry points for attackers. This involves utilizing various techniques, tools, and methodologies to exploit vulnerabilities and gain access.

  • Simulated Phishing attacks: Work with the Security Education and Awareness team to produce phishing emails based on real world scenarios with up-to-date threats in a controlled manner.
    Security Analysis: Analyzing the results of red team assessments to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.

  • Reporting and Documentation: Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation. These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.

  • Remediation Support: Collaborating with cyber teams, IT teams, developers, and system administrators to assist in the remediation of identified vulnerabilities. This may involve providing guidance on security best practices, secure coding practices, recommending security controls, or validating the effectiveness of implemented fixes.

  • Mentoring: Supporting colleagues in the Penetration Team in all aspects of the job, technical and procedural.

  • Stay Up to Date: Keeping abreast of the latest web application and infrastructure vulnerabilities, attack techniques, security tools, and industry best practices. This includes staying informed about emerging threats and trends in web applications and infrastructure.

  • Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organization's systems and data are not compromised or harmed during the process.

  • Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in cyber security.

 

Your Qualifications:

​​​

  • A bachelor's degree (MSc. or PhD. preferred) in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory.

  • Relevant industry experience can compensate for formal education requirements.

  • Technical Knowledge: A strong understanding of web technologies, programming languages (eg, HTML, CSS, JavaScript, PHP, Python), and web application architecture is essential. Knowledge of networking fundamentals, operating systems, and databases is also beneficial.

  • Practical experience gained through participation in bug bounty programs, capture-the-flag (CTF) competitions, and real-world projects can also be valuable in showcasing skills and expertise.​

  • ​Strong knowledge of the cyber kill chain, common tactics, techniques, and procedures which are often used by adversaries.

  • Must have strong research capabilities and be up to date with the cyber industry.

  • Web Application Security: In-depth knowledge of web application vulnerabilities, common attack techniques, and mitigation strategies. Strong understanding of OWASP Top 10 vulnerabilities is crucial.

  • Infrastructure security: Working knowledge of different on-prem and cloud builds (IaaS, PaaS, SaaS), in-depth understanding of operating system and its common flaws.

  • Penetration Testing Techniques: Proficiency in various penetration testing methodologies, tools, and frameworks. Experience with manual testing techniques, automated vulnerability scanners, and exploit frameworks is necessary.

  • Programming and Scripting: Proficiency in at least one programming language (eg, Python, Ruby, or JavaScript, etc.) to write custom scripts and tools. Understanding SQL queries for database testing is also important.
    Analytical and Problem-Solving Skills: Ability to analyze complex web application environments, identify vulnerabilities, and exploit them. Strong problem-solving skills to understand attack vectors and recommend appropriate countermeasures.​

  • ​Holds relevant industry certification/s or equivalent like the following:

    • CEH - Certified Ethical Hacker

    • OSCP - Offensive Security Certified Professional

    • GRTP - GIAC Red Team Professional

    • GPEN - GIAC Penetration Tester

    • GWAPT - GIAC Web Application Penetration tester

    • GDAT - GIAC Defending Advanced Threats

    • CRT - Crest Registered Penetration Tester

    • CCSAS - Crest Certified Simulated Attack Specialist

bottom of page