The ethical hacker will perform penetration testing or vulnerability assessments of web applications, mobile applications and thick clients, and will perform code reviews for multi-protocol enterprise systems.
- Performing a variety of security testing assignments, including red teaming, infrastructure and applications;
- Defining the scope for security testing assignments;
- Managing complex multi-faceted security testing assignments;
- Developing and quality assuring security test reports;
- Working with clients to develop appropriate remediation plans;
- Supporting senior members of staff in the sale of security testing assignments;
- Providing thought leadership and direction for the Information Security practice on malware, attack vectors and methods to protect against threats;
- Helping recruit, retain and develop the Information Security team by bringing superior leadership skills;
- Teaming up with colleagues in other lines of services in support of client needs for Information Security services;
- Working as a senior subject matter expert in their field and/or managing teams in delivering client excellence.
Requirements and skills
- Good understanding of Unix, Windows and network security.
- Ability to work independently and to perform as a leader in a team environment.
- Offensive Security Certified Professional (OSCP), CREST Registered Tester (CRT) or industry equivalent.
- Degree from an accredited University or equivalent.
- The following skills are not required from applicants but would be considered a differentiator:
- CREST recognised penetration testing certification/accreditation (CREST Certified Tester (CCT) or CHECK Team Leader (CTL)).
- Degree in Computer Science, Information Systems, Engineering or related major.
- Experience developing custom scripts or tools used for vulnerability scanning and identification.
- Familiarity with threat modelling and security design review methodologies.
- Support team technical development (e.g. through service development or research) and contribute to company technical processes overall.
- Experience with red teaming tests, physical security testing, phishing and social engineering techniques.
- Experience with sales, scoping and client/project management.
- Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, or Java.
- Bachelor's degree in Information Technology/Computer Science or 5 years of hands-on testing experience.
- The following certifications are a plus: OSCP, OSCE, GIAC (GPEN, GWAPT, GXPN, GCIH, GMOB, GSSP), CEH.
- Excellent written and communication skills in English.