Offensive Security Tester

Industry: Finance / Job Expires: 2023-08-09 06:40:43 / Location: Gauteng

Purpose

  • Performing a range of penetration testing activities, including web, APIs, mobile and infrastructure, identifying vulnerabilities and providing remediation steps.
  • Exploiting security vulnerabilities in web-based applications, mobile applications, infrastructure networks and systems.
  • Perform red teaming or attack simulation on business-critical infrastructure and applications to identify and resolve security flaws.
  • Contributing to the development and continual improvement of methodologies, standards, tools and approaches for the Red Team.
  • Set up and configure the vulnerability scanning tool and rate the risk according to the Common Vulnerability Scoring System (CVSS).
  • Coordinate with involved parties and monitor remediation activities.
  • Collaborate with the SOC team to close the findings and provide the control objective assurance.
  • Provide guidance to the development teams on secure coding best practices.
  • Provide guidance to application groups on application security best practices.
  • Remain relevant to the industry regarding known vulnerabilities.

Minimum requirements

  • Diploma/BSc Degree in Computer Science/Information Technology or equivalent.
  • Industry level certifications are a plus (e.g., OSCP, OSCE, OSEE, CISSP, CISM, CEH, and CSSLP).
  • 5 years of experience as an offensive security expert and/or penetration tester.
  • Knowledge of common vulnerability scanners (e.g. Nessus, OpenVAS, Qualys, Nexpose).
  • Understanding of penetration testing tools and techniques (Metasploit, Burp Suite, Kali, SQLmap, etc.).
  • Ability to demonstrate effective application vulnerability and penetration-testing skills including Injection, XSS, and XXE attacks in web applications.

Main duties

  • Treating Customers Fairly and Compliance.
  • Technology Leadership.
  • Security Integration.
  • Operational excellence.
  • Service Excellence.
  • Enabling.
  • Governance.

Key competencies

  • Ability to demonstrate effective skill in software engineering principles, frameworks and technologies.
  • Be able to demonstrate a solid understanding of disciplines in change control, security, performance monitoring, on-going administration and documentation.
  • Competency in common operating systems (e.g. Windows, macOS, Linux).
  • Good understanding of Secure SDLC processes and procedures and how to implement secure coding practices within the software/application.
  • Knowledge of how to exploit vulnerabilities in order to gain and expand access to remote systems.

N.B: By responding to this advert, you consent to Heitha Staffing Group processing your personal information for recruitment purposes and confirm that any personal information has been submitted voluntarily. Applicants will be requested to fill in and sign a POPI Act Consent Form.

Only shortlisted candidates will be contacted. If you have not heard from us in 4 weeks, consider your application unsuccessful.

To apply please send your CV to lethabo@heitha.co.za.