JOB PURPOSE
As a Penetration Tester on Information Security Governance Security Assessment, perform security assessments across a variety of projects that target, evaluate and test areas including network equipment, servers, applications, mobile devices, and other information systems within the Group and its third parties.
Job Description
Job Title: Penetration Tester
Principal Accountabilities
Information Security Assurance
- Perform penetration testing and reporting of new projects defined by the Group or affiliates
- Perform penetration testing and reporting of new systems or existing systems that have experienced major changes
- Perform penetration testing activities against critical networks, applications and systems both for internal and external assets of the Group
- Participate in the development and testing of customized penetration testing tools and exploits in support of red team engagements.
- Develop vulnerability intelligence reports, summaries and bulletins that articulate the associated risks to management and stakeholders.
IV. JOB CONTEXT
- Information Security Penetration Testing
- Exploitable Vulnerability Detection and Reporting
- Overseeing remediation of Vulnerabilities
V. JOB DIMENSION
Key Performance Indicators/ Performance Goals:
- Average Number of information security-related exploits reported per year
- Percentage of downtime due to security incidents
- Cost savings by using internal penetration test rather than outsourcing
- Security breach detection time/security failure repair time.
- Number of security breaches due to existing exploitable vulnerabilities
- Number of continuous improvement initiatives recommended per year
VI. Job Skills/Experience
- Perform web application scanning using various tools to discover vulnerabilities such as cross-site scripting, SQL injection, cross-site request forgery, and remote code execution
- Perform segmentation testing to validate integrity of segmentation and network boundary controls
- Knowledge of OWASP standards and of assessing web applications and software development against the OWASP Top 10
- Working knowledge of malware analysis, pivoting, source code reviewing, exploit writing
- Experience and knowledge with industry tools, security threats, attacks & countermeasures, sources of industry information and standards
- Configuration review of information technology systems including network devices, applications, databases, virtual environments
- Knowledge of encryption algorithms, techniques, deployments
- Develop and test scripts
- Bachelor of Science in computing or any related field
- Good document writing skills
- Ability to work in a Multicultural Environment
- Highly attentive to detail
- Friendly and approachable
- Resourceful
- Ability to work well under pressure