Sorry, this job is no longer available.
loading...

(Loading More Opportunities)

Penetration Tester


Purpose Statement
To ensure that the business is prepared and skilled to mitigate any cyber security threat through
Assessing and testing the applications and processes of the Bank.
Identifying potential areas of weaknesses from a security perspective.
Playing a key role in developing world class cyber security capabilities within the Bank by means of knowledge transfer, education, training and research.

Experience

MINIMUM:

3 – 5 years’ experience in cyber security testing
Risk identification and communication relating to cyber security
IDEAL:

5+ years in cyber security testing
2 – 3 years financial services / banking experience
Experience with the Agile and DevOps models
Qualifications (Minimum)
Grade 12 National Certificate / Vocational
Certification in Information Technology
Qualifications (Ideal or Preferred)
A relevant tertiary qualification in Information Technology or Information Technology - IT Engineering
Knowledge

MINIMUM:

Manual and automated security testing of infrastructure, networks, and web applications\services
Technical vulnerability assessments (CVE and CVS database knowledge)
Best practice technical reviews; using company and industry standards
Common network protocols, system architecture, and operating systems
Logical access reviews and audit
Knowledge of TTP's/MITRE Attack Framework, threat-attack landscape
Strong communication and reporting skills, articulate risk to business
Solution and white-boarding of systems to be assessed
Ability to read\understand at least 1 scripting language (e.g. Python, Bash, PowerShell, C\PHP\Java code)
Experience in testing web services, web\mobile applications, and cloud applications
Proficiency with pen-testing tools (Security distro’s and intercepting proxy tools)
Understanding and familiarity of vulnerabilities included in methodologies such as OWASP Top 10 (Web, Mobile, API) and OSSINT
Understanding of system architectures and platforms (e.g. Windows, Unix, Linux and RedHat)
Understanding of tiered web application\service\cloud architectures and related databases (MySQL, MSSQL and Oracle)
Understanding of networking protocols and architectures, WAF’s, web and reverse-proxies, DLP, e-mail proxy, DAM, firewalls and perimeter security technologiesEnd User Infrastructure Service technologies (e.g. Print Management Solutions)
IDEAL:

Cyber Security Threat modelling and Attack-Path mapping
Conducting and participating in Red-Team\Purple teaming exercises
Familiarity with industry regulatory requirements, specific to information security
Proficiency in scripting with at least 1 scripting language (e.g. Python, Bash, PowerShell)
Reverse engineering of malware\exploits
Skills
Communications Skills
Computer Literacy (MS Word, MS Excel, MS Outlook)
Attention to Detail
Analytical Skills
Problem solving skills
Competencies
Adhering to Principles and Values
Presenting and Communicating Information
Writing and Reporting
Applying Expertise and Technology
Analysing
Learning and Researching
Delivering Results and Meeting Customer Expectations
Conditions of Employment
Clear criminal and credit record
Please note that by submitting your personal information to Deka Minas you free-willingly issue the business consent to make use of such data for the specific purpose of securing you either permanent or temporary employment. Our business makes use of a POPIA compliant database and you have the right to access, right to correction and right to deletion of your personal information.
Posted
08/01/2022
Location
Johannesburg, GT, ZA