job description - Penetration Tester
- To ensure that the business is prepared and skilled to mitigate any cyber security threat through
- Assessing and testing the applications and processes of the Bank.
- Identifying potential areas of weaknesses from a security perspective.
- Playing a key role in developing world class cyber security capabilities within the Bank by means of knowledge transfer, education, training and research.
Experience
MINIMUM:
- 3 – 5 years’ experience in cyber security testing
- Risk identification and communication relating to cyber security
IDEAL:
- 5+ years in cyber security testing
- 2 – 3 years financial services / banking experience
- Experience with the Agile and DevOps models
Qualifications (Minimum)
- Grade 12 National Certificate / Vocational
- Certification in Information Technology
Qualifications (Ideal or Preferred)
A relevant tertiary qualification in Information Technology or Information Technology - IT Engineering
Knowledge
MINIMUM:
- Manual and automated security testing of infrastructure, networks, and web applications\services
- Technical vulnerability assessments (CVE and CVS database knowledge)
- Best practice technical reviews; using company and industry standards
- Common network protocols, system architecture, and operating systems
- Logical access reviews and audit
- Knowledge of TTP's/MITRE Attack Framework, threat-attack landscape
- Strong communication and reporting skills, articulate risk to business
- Solution and white-boarding of systems to be assessed
- Ability to read\understand at least 1 scripting language (e.g. Python, Bash, PowerShell, C\PHP\Java code)
- Experience in testing web services, web\mobile applications, and cloud applications
- Proficiency with pen-testing tools (Security distro’s and intercepting proxy tools)
- Understanding and familiarity of vulnerabilities included in methodologies such as OWASP Top 10 (Web, Mobile, API) and OSSINT
- Understanding of system architectures and platforms (e.g. Windows, Unix, Linux and RedHat)
- Understanding of tiered web application\service\cloud architectures and related databases (MySQL, MSSQL and Oracle)
- Understanding of networking protocols and architectures, WAF’s, web and reverse-proxies, DLP, e-mail proxy, DAM, firewalls and perimeter security technologiesEnd User Infrastructure Service technologies (e.g. Print Management Solutions)
IDEAL:
- Cyber Security Threat modelling and Attack-Path mapping
- Conducting and participating in Red-Team\Purple teaming exercises
- Familiarity with industry regulatory requirements, specific to information security
- Proficiency in scripting with at least 1 scripting language (e.g. Python, Bash, PowerShell)
- Reverse engineering of malware\exploits
Skills
- Communications Skills
- Computer Literacy (MS Word, MS Excel, MS Outlook)
- Attention to Detail
- Analytical Skills
- Problem solving skills
Conditions of Employment
Clear criminal and credit record
Report
About the company
1 followers
Follow
We provide simplified banking solutions. That's why we offer affordable transactions, the right type of credit when you need it, and insurance for you.