Analyst, Data Risk (Risk Assurance)
Melco Resorts & Entertainment | Hong Kong | Update time: September 30, 2020
Job Description

POSITION SUMMARY: 

Experienced penetration tester to carry out penetration testing exercises and vulnerability management activities, including planning, coordinating, executing and reporting on sophisticated ethical hacking and penetration testing scenarios that simulate the tactics, techniques, and procedures of a variety of threat actors.
Manage the vulnerability and secure configuration assessment process and activities, including planning, coordinating and executing vulnerability and configuration scanning and remediation of valid scan results.

PRIMARY RESPONSIBILITIES: 

  • Responsible for carrying out vulnerability assessments and penetration tests to identify weaknesses
  • Assist in developing cyber-threat and vulnerability management strategies relating to network and application penetration testing and other security assessments
  • Align vulnerability management and penetration testing functions with the organization’s overall business objectives by reducing information technology’s exposure to vulnerabilities
  • Assist in managing penetration testing processes and procedures, and produce meaningful metrics and reports
  • Assist in managing remediation, including mentoring vulnerability management and penetration testers in working with Information Technology to architect solutions
  • Responsible for conducting security assessments across a wide range of technologies, including:
      • Network penetration tests
      • Web application penetration tests
      • Application penetration tests
      • Mobile application penetration tests (Android, iOS, Windows Mobile)
      • Embedded device tests
      • Software reverse engineering
      • Data exfiltration tests
      • Cryptographic strength assessments
      • Manual vulnerability testing and verification
      • Manual configuration weakness testing and verification
      • Exploit development
      • Phishing campaigns
      • Wireless security architectures, scanning, rogue detection and prevention, and secure configurations
      • Source code scanning/reviews
      • Remediation tests
      • And more!
  • Probe for vulnerabilities in web applications, fat/thin client applications and standard applications
  • Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
  • Perform custom exploit development
  • Assist in building and incorporating security as a process in the SDLC phases
  • Research and develop testing tools, techniques, and process improvements
  • Stay highly relevant by researching and discovering the newest security vulnerabilities, issues and threats
  • Assist in reviewing and defining requirements for information security solutions
  • Perform information security incident response and investigation activities
  • Perform forensic analysis
  • Assist in working on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets

KEY PERFORMANCE INDICATORS: 

N/A 

QUALIFICATIONS: 

Experience

  • 3+ years of relevant experience in penetration testing and security assessments
  • Requires in-depth experience and knowledge of enterprise IT concerns and technologies
  • Approximately 2 years of experience preferred in one or more of the following areas:
      • Penetration testing (black box/white box)
      • Application penetration testing and source code reviews
      • Security testing of web-based applications
      • Mobile application penetration testing (Android, iOS, Windows Mobile)
      • Network, wireless network and infrastructure penetration testing
      • Manual attack and penetration testing experience above and beyond running automated tools
      • Attack signature fingerprinting and signature generation (manual exploit payload analysis), and reverse engineering
      • Incident response/handling and digital forensics
      • Understanding common software security issues and remediation techniques (OWASP Top 10, SANS 25, etc.)
      • Understanding penetration testing methodology (OWASP, OSSTMM, PTES, NIST 800-115, etc.)
      • A working knowledge of vulnerabilities and configuration settings and their exploitation in order to gain access to networks, applications, hosts, and desktops
      • Security engineering
      • Threat modelling
      • Malware analysis
      • Forensic analysis
      • Software reverse engineering
      • Application design and architecture
      • Wireless security architectures, scanning, rogue detection and prevention, and secure configurations
      • Threat/vulnerability research
      • Source code scanning/reviews
      • Mobile application penetration testing
      • Phishing campaigns
      • Red team engagements
  • Conduct testing and analysis, including activities such as password strength and quality assessments, SIEM gap analysis, web application testing and exploitation, wireless network exploitation, phishing campaigns, data exfiltration, automated network share crawls for PII and other sensitive data, and cryptographic strength assessments
  • Experience in developing custom scripts or programs for port scanning or vulnerability assessment
  • Ability to perform internal and external penetration testing using automated tools and social engineering
  • Ability to architect solutions for cross-domain solutions, including Microsoft, *NIX, SCADA, and gaming
  • Perform, review and analyse security vulnerability data to identify applicability and false positives
  • Strong operating system, database, networking and wireless security skills and a deep understanding of TCP/IP networking
  • Experience with programming languages such as C, C++, C#, ASP, and .NET is a plus
  • Knowledge of and familiarity with Public Key Infrastructure and key and certificate management
  • Knowledge of and familiarity with identity and authentication management and their architecture
  • Well versed in multiple security technologies such as firewalls, IDS/IPS, web proxies and DLP, amongst others

Education

  • A bachelor’s degree in Computer Science and an information security or other similar technical certification, such as Certified Ethical Hacker (CEH), GIAC (Global Information Assurance Certification) Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP), is highly desirable

Skills / Competencies

  • Proven excellence in researching, organizing, writing, and presenting technical information
  • Capacity to work independently and in a team environment, with project management skills
  • Must have excellent analytical skills, have the ability to multi-task and have solid project management skills
  • Ability to understand the relationship between business processes, priorities, risk and their underlying technologies and security risks
  • Ability to keep pace with a fast-paced and growing company
  • Achieves agreed objectives and accepts accountability for results
  • Displays the highest level of integrity
  • Ability to maintain discretion

PERSONAL COMPETENCIES: 

  • Displays a high commitment to delivering results
  • Communicates effectively
  • Achieves agreed objectives and accepts accountability for results
  • Displays the highest level of integrity
  • Ability to maintain discretion
  • Self-motivated
  • Approachable
