Penetration Tester

Purpose StatementTo ensure that the business is prepared and skilled to mitigate any cyber security threat throughAssessing and testing the applications and processes of the Bank.Identifying potential areas of weaknesses from a security perspective.Playing a key role in developing world class cyber security capabilities within the Bank by means of knowledge transfer, education, training and research.ExperienceMINIMUM:3 5 years experience in cyber security testingRisk identification and communication relating to cyber securityIDEAL:5+ years in cyber security testing2 3 years financial services / banking experienceExperience with the Agile and DevOps modelsQualifications (Minimum)Grade 12 National Certificate / VocationalCertification in Information TechnologyQualifications (Ideal or Preferred)A relevant tertiary qualification in Information Technology or Information Technology - IT EngineeringKnowledgeMINIMUM:Manual and automated security testing of infrastructure, networks, and web applications\servicesTechnical vulnerability assessments (CVE and CVS database knowledge)Best practice technical reviews; using company and industry standardsCommon network protocols, system architecture, and operating systemsLogical access reviews and auditKnowledge of TTP's/MITRE Attack Framework, threat-attack landscapeStrong communication and reporting skills, articulate risk to businessSolution and white-boarding of systems to be assessedAbility to read\understand at least 1 scripting language (e.g. Python, Bash, PowerShell, C\PHP\Java code)Experience in testing web services, web\mobile applications, and cloud applicationsProficiency with pen-testing tools (Security distros and intercepting proxy tools)Understanding and familiarity of vulnerabilities included in methodologies such as OWASP Top 10 (Web, Mobile, API) and OSSINTUnderstanding of system architectures and platforms (e.g. Windows, Unix, Linux and RedHat)Understanding of tiered web application\service\cloud architectures and related databases (MySQL, MSSQL and Oracle)Understanding of networking protocols and architectures, WAFs, web and reverse-proxies, DLP, e-mail proxy, DAM, firewalls and perimeter security technologiesEnd User Infrastructure Service technologies (e.g. Print Management Solutions)IDEAL:Cyber Security Threat modelling and Attack-Path mappingConducting and participating in Red-Team\Purple teaming exercisesFamiliarity with industry regulatory requirements, specific to information securityProficiency in scripting with at least 1 scripting language (e.g. Python, Bash, PowerShell)Reverse engineering of malware\exploitsSkillsCommunications SkillsComputer Literacy (MS Word, MS Excel, MS Outlook)Attention to DetailAnalytical SkillsProblem solving skillsCompetenciesAdhering to Principles and ValuesPresenting and Communicating InformationWriting and ReportingApplying Expertise and TechnologyAnalysingLearning and ResearchingDelivering Results and Meeting Customer ExpectationsConditions of EmploymentClear criminal and credit recordPlease note that by submitting your personal information to Deka Minas you free-willingly issue the business consent to make use of such data for the specific purpose of securing you either permanent or temporary employment. Our business makes use of a POPIA compliant database and you have the right to access, right to correction and right to deletion of your personal information.
Johannesburg, GT, ZA