Senior Security Specialist – Penetration Testing
Closing Date:
Monday, January 20, 2020
Location of the Job:
Gaborone, Botswana
Reference Number:
ITOPSSSS - Pen and Test
Company | Letshego Holdings Limited | ||
Reference # | ITOPSSSS - Pen and Test | ||
Published | 13/01/2020 | ||
Contract Type | Permanent | ||
Salary | Market Related | ||
Location | Gaborone, South East, Botswana | ||
Introduction |
The Penetration Testing team probes for and exploits security vulnerabilities in web-based applications, networks and systems. The role requires the encumbent to research Penetration testing tools, to automate them for efficiency and even to create own tools to test and review the organisation’s information security posture and to make recommendations and find solution with the team to prevent breaches.
|
||
Job Functions | Information Technology,Research and Development,Safety & Security,Technical | ||
Industries | Financial Services | ||
Specification |
1.Perform formal penetration tests on Information Technology Infrastructure, pallications and systems.
2.Conduct physical security assessments of servers, systems and network devices 3.Design and create new penetration tools and tests 4.Probe for vulnerabilities in web applications, fat/thin client applications, mobile applications and standard applications 5.Pinpoint current methods that attackers could use to exploit weaknesses and logic flaws 6.Employ social engineering to uncover security holes (e.g. poor user security practices or password policies) 7.Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies 8.Research, document and discuss security findings with management and IT teams 9.Review and define requirements for information security solutions 10.Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets 11.Provide feedback and verification as an organization fixes security issues 12.Documents systems vulenrabilities technically and administratively; |
||
Requirements |
Qualifications:
•Bachelor’s Degree in Computer Science or Diploma in Information Systems with five years of Information Security experience in a Security Engineering role •As many Security Industry related Certifications as possible, e.g. CISSP, CISA, CASP+, CEH, OSCP, any GIAC, any SANS. •Programming qualifications in relevant languages with emphasis on secure coding •Hacking & Forensic Specific Qualifications like: CEH, CPT, CEPT, GPEN, OSCP,GCIH, GCFE, GCFA, CCFE, CREA •Proof of continuous learning Background/Experience: Technical: •Knowledge of Penetration testing and hacking standards and methodology •Solid experience on: oWindows, UNIX and Linux operating systems oC, C++, C#, Java, ASM, PHP, PERL oNetwork servers and networking tools (e.g. Nessus, nmap, Burp, etc.) oComputer hardware and software systems oWeb-based applications oSecurity frameworks (e.g. ISO 27001/27002, NIST, HIPPA, SOX, etc.) oSecurity tools and products (Fortify, AppScan, etc.) oVulnerability analysis and reverse engineering oMetasploit framework oForensics tools oCryptography principles •Development experience to work with developers •Technical writing including the creation of Penetration test reports •IT Security Audit fundamentals •Sound IT Security systems concepts and principles •Complex modelling techniques Analytical: •Creativity •Problem Solving and Analytical Thinking •and conceptual expertise •Forensic analysis •Object-oriented analysis •Evaluation of profitability/risk •Testing, verification and validation techniques •Creation of Pentesting Scope & Project documentation •Administrative and reporting abilities Business: •Knowledge of business processes within the context of Financial Services •Improvement of business and engineering processes •Strategic planning •Case development •Business writing Coaching: •Hacking techniques •Confidentiality, ethical behaviour, privacy & integrity •Policies, procedures, standards and guidelines •Secure coding practices Communication: •Ability to formulate concepts •Communication of technical information to a non-technical audience •Communication of business information to a technical audience •Negotiation Skills •Tactful |
||
Job Closing Date | 20/01/2020 |
Click on the link to apply: https://letshego.jb.skillsmapafrica.com