Cyber Security Consultant – Senior Penetration Tester

We are looking for a Senior Penetration Tester to provide senior Cyber Security expertise to effectively and efficiently ensure the ongoing confidentiality, integrity and availability of systems and information. The person will be focusing on penetration testing, application and code security, vulnerability assessments, and security incident management. Strong hands-on experience with security testing, networking and monitoring tools, such as Burp, suite, OWASP Zap, Nmap, Metasploit, Wiresshark and SIEM are highly preferable.

我想加入Mox隊員
Responsibilities
  • Lead and perform hands-on penetration testing of web applications, APIs, infrastructure, mobile (iOS/Android), and network in order to assess and validate the security posture
  • Perform vulnerability scans and assessments
  • Conduct security code reviews and make recommendations to developers
  • Drive security awareness of secure coding practices and techniques
  • Write high quality security reports on identified security vulnerabilities, including recommendations to remediate, and delivery of report to stakeholders
  • Work collaboratively with key development and operations stakeholders in order to establish and deliver a secure CI/CD pipeline
  • Support incident management response and investigation activities such as triage, threat analysis, end-user interviews, and remediation efforts
  • Provide subject matter expertise, security consulting, and advisory services to business entities and project teams
  • Excellent time management and ability to work on multiple projects as needed
  • Manage key security assurance suppliers as required
  • Conduct offensive research to evaluate emerging cyber security threats and trends
  • Maintain up-to-date knowledge of the latest attacks, vulnerabilities, mitigation strategies, industry best practices and regulations
  • Build strong working relationships across the business and technology teams
  • Coach and mentor junior team members
Requirements
  • Strong experience in IT security related positions with a key focus on penetration testing, application and code security, vulnerability assessments, and security incident management
  • Passion for offensive security and assurance
  • Strong risk mindset and knowledge of risk management guidelines and frameworks
  • Deep understanding of penetration testing methodologies, vulnerability identification, and software security principles
  • Being able to translate complex technical scenarios, cyber security specific threats, and related mitigating controls into a language that stakeholders at all levels can understand
  • Hands-on threat, vulnerability, patching, and remediation management experience
  • Additional experience working within a CIRT / SOC, or similar capacity
  • Strong hands-on experience with security testing, networking, and monitoring tools such as, Burp Suite, OWASP Zap, Nmap, Metasploit, Wireshark, and SIEM
  • Ability to act calmly and competently in high-pressure, high-stress situations. Must be a critical thinker, with strong problem- solving skills and analytical skills
  • The ability to manage multiple projects under strict timelines
  • Development and automation experience in one or more programming languages are highly desired
  • Experience working in a cloud environment is highly desired
  • Ability to contribute in a team environment
  • Strong English communication skills

Qualifications

  • One of more industry-recognised certifications in penetration testing (OSCP, OSWE, OSCE, CREST CCT / CRT, SANS, etc.)
  • Desirable for Bachelors/Masters level qualifications in Management, Engineering, Law, Computer Science, IT, Business or Commerce
  • Participation in relevant Cyber Security industry forums is desirable

Close