Senior Security Specialist – Penetration Testing

The Penetration Testing team probes for and exploits security vulnerabilities in web-based applications, networks and systems. The role requires the encumbent to research Penetration testing tools, to automate them for efficiency and even to create own tools to test and review the organisation’s information security posture and to make recommendations and find solution with the team to prevent breaches.

1.Perform formal penetration tests on Information Technology Infrastructure, pallications and systems.
2.Conduct physical security assessments of servers, systems and network devices 
3.Design and create new penetration tools and tests 
4.Probe for vulnerabilities in web applications, fat/thin client applications, mobile applications and standard applications 
5.Pinpoint current methods that attackers could use to exploit weaknesses and logic flaws 
6.Employ social engineering to uncover security holes (e.g. poor user security practices or password policies) 
7.Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies 
8.Research, document and discuss security findings with management and IT teams 
9.Review and define requirements for information security solutions 
10.Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets 
11.Provide feedback and verification as an organization fixes security issues 
12.Documents systems vulenrabilities technically and administratively;
 

Qualifications: 

•Bachelor’s Degree in Computer Science or Diploma in Information Systems with five years of Information Security experience in a Security Engineering role
•As many Security Industry related Certifications as possible, e.g. CISSP, CISA, CASP+, CEH, OSCP, any GIAC, any SANS. 
•Programming qualifications in relevant languages with emphasis on secure coding
•Hacking & Forensic Specific Qualifications like: CEH, CPT, CEPT, GPEN, OSCP,GCIH, GCFE, GCFA, CCFE, CREA
•Proof of continuous learning

Background/Experience:
Technical: 
•Knowledge of Penetration testing and hacking standards and methodology
•Solid experience on: 
oWindows, UNIX and Linux operating systems
oC, C++, C#, Java, ASM, PHP, PERL
oNetwork servers and networking tools (e.g. Nessus, nmap, Burp, etc.)
oComputer hardware and software systems
oWeb-based applications
oSecurity frameworks (e.g. ISO 27001/27002, NIST, HIPPA, SOX, etc.)
oSecurity tools and products (Fortify, AppScan, etc.)
oVulnerability analysis and reverse engineering
oMetasploit framework
oForensics tools
oCryptography principles
•Development experience to work with developers 
•Technical writing including the creation of Penetration test reports
•IT Security Audit fundamentals
•Sound IT Security systems concepts and principles 
•Complex modelling techniques 

Analytical: 
•Creativity
•Problem Solving and Analytical Thinking
•and conceptual expertise
•Forensic analysis
•Object-oriented analysis 
•Evaluation of profitability/risk 
•Testing, verification and validation techniques 
•Creation of Pentesting Scope & Project documentation
•Administrative and reporting abilities 

Business: 
•Knowledge of business processes within the context of Financial Services
•Improvement of business and engineering processes 
•Strategic planning 
•Case development
•Business writing 
Coaching: 
•Hacking techniques
•Confidentiality, ethical behaviour, privacy & integrity
•Policies, procedures, standards and guidelines
•Secure coding practices

Communication: 
•Ability to formulate concepts 
•Communication of technical information to a non-technical audience 
•Communication of business information to a technical audience 
•Negotiation Skills 
•Tactful