Penetration Tester
  • South Africa Johannesburg
  • BASHR Consulting
1 year before
31.12.2023
Protect and Defend
Vulnerability Assessment and Management
Job Description

Successful incumbent will

Perform penetration testing and attack simulations on business critical infrastructure including internal servers, networks and applications to identify and resolve security flaws.
Occasionally experiment with various methods attackers could use to exploit information security vulnerabilities.
Complete threat assessment reports that outline penetration test findings and present the findings to clients.
Conduct physical security assessments of servers, systems and network devices.
Collaborate with the SecOps team to maintain a client’s information security policies and procedures.

Must have

Relevant tertiary qualification
Security related certifications such as OSCP, OSCE or CREST are desirable
Extensive penetration testing experience in a similar role.
Experience with both commercial and open source security tools and scripting languages
Exposure to security testing scenarios e.g. Capture the Flag / Red Team / Blue Team is desirable
Experience with various testing platforms is desirable
10+ years of working experience



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0009   Knowledge of application vulnerabilities.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • K0342   Knowledge of penetration testing principles, tools, and techniques.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills
  • S0001   Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • S0051   Skill in the use of penetration testing tools and techniques.
  • S0052   Skill in the use of social engineering techniques (e.g., phishing, baiting, tailgating, etc.).
  • S0081   Skill in using network analysis tools to identify vulnerabilities (e.g., fuzzing, nmap, etc.).
  • S0137   Skill in conducting application vulnerability assessments.

Required Abilities
  • A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.