Penetration Tester - With Kubernetes Security Knowledge
  • United Arab Emirates Dubai
  • NST Cyber
1 year ago
31.12.2023
Protect and Defend
Vulnerability Assessment and Management
Job Description

As a Penetration Tester, you will have a unique opportunity to design, engineer and embed practical and balanced cyber/information security principles, patterns and controls into all products and platforms at NST Cyber. In this role you will work with an energetic team of cybersecurity SMEs, specialists and other stakeholders to conduct security assessments and gap analysis, and to provide remediation to the relevant squads and stakeholders.

As a Security Assessor your responsibilities include but are not limited to the following:

Encourage ‘Shift Left’ Mindset - Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle
Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees
Assessments – Act as a DevSecOps engineer to perform security assessments and gap analysis, and provide appropriate remediations to the teams implementing the fixes.


Requirements:

Bachelor’s degree in a computer-related field
Must have minimum 4 years of experience in an information security function
Minimum 3 years of experience, as a Security Engineer especially in Cloud Native environments
Deep foundational knowledge of Containerized environment and Streaming Platforms
Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical)
Experience securing the following components:
Containers
Docker
Kubernetes
Jenkins
GitHub
OpenShift
Good knowledge of microservice architecture and pipeline-driven security


Technical Requirements | Application Security Assessment Skillset
Container Security
Docker Review / Image review
Kubernetes Security Review
Open-source Libraries review
Application Security
Security Code Review
Container Review
Infrastructure Review
WAF rules review
Superlative written and verbal communication skills
Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint
Has strong decision-making, planning and time management skills.
Can work independently.
Has a positive and constructive attitude.


NST Cyber partners with global banks and Forbes 2000 companies across 4 continents to deliver independent audits and enterprise security assessments. Our core expertise lies in securing complex, scalable modern-day applications that extensively leverage cloud services and technologies.

With a combination of intelligence-driven active assessments, policy, and control validation, our team ensures your security and success with a best-in-class customer experience.


Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0009   Knowledge of application vulnerabilities.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • K0162   Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • K0344   Knowledge of an organization’s threat environment.
  • K0624   Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).

Required Skills
  • S0001   Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • S0044   Skill in mimicking threat behaviors.
  • S0081   Skill in using network analysis tools to identify vulnerabilities (e.g., fuzzing, nmap, etc.).
  • S0137   Skill in conducting application vulnerability assessments.
  • S0364   Skill to develop insights about the context of an organization’s threat environment.

Required Abilities
  • A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • A0120  Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.