This is a senior role within the company. You will be a Team Leader for a team of penetration testers who provide a variety of web application testing, penetration tests and vulnerability assessments to our clients. You will be primarily responsible for providing penetration testing services of technology infrastructure to customers and will also deliver security auditing and reporting on various client systems such as firewalls (network, database and web application), content delivery systems, content filtering, and authentication systems. You will also assist our Sales Team from a Pre-Sales perspective, meeting with Clients and assisting with the RFP process.
The role will entail providing an accurate assessment of a client’s requirements, development and presentation of proposed services, delivery of testing services and clear, unambiguous reporting of findings to the customer. There is also a strong requirement for leading the interaction with your team and customers to collectively provide solutions to complex customer issues. It is a crucial requirement for you to lead your team to ensure a “Best in Class” InfoSec Team.
- Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for our clients
- Review and define requirements for information security solutions in conjunction with the Sales Team.
- Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
- Participate in Security Assessments of networks, systems and applications
- Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets
- Liaise with customers and define testing requirements and parameters, documenting an effort estimation, terms of engagement and final report.
- Present findings and recommendations to clients
- Identify new technologies and guide the direction of the Information Security Team.
The role requires flexibility and the ability to work extra hours when the business calls for it.
- The prospective candidate will be expected to participate in ongoing technical certifications for the benefit of both the business and their own self-development.
- Travel (national and international) may be required as part of this role, and as such a clean driving license and access to a car are essential.
What you will bring to our clients:
- Conceptual knowledge of Information Security
- Ability to follow processes and procedures
- Excellent communication skills when dealing with customers
- Ability to adapt to a constantly changing schedule of events and work projects
What you will bring to us:
- Five years in a Penetration Testing role with experience of multi-sector organisations and managing/leading a team
- Previous experience assisting with Pre-Sales and articulating RFPs.
- The ability to demonstrate a dynamic interest in solving technical issues; analytical ability to break down problems into constituent parts; flexibility to handle several technical issues simultaneously.
- To show an active interest in the area of information security and to be an active member of the InfoSec community
- The ability to communicate well and demonstrate a good understanding of customer issues together with the aptitude to develop a natural empathy with customers in relation to their business requirements.
- Strong report writing capability and the ability to adapt your writing style to different audiences
- The ability to work in a team environment and on your own initiative and the desire to work on escalated issues from other team members.
- Experience with at least two of the following tools: Python, Perl/Ruby, Burp Suite/ZAP, Linux, Nessus, Qualys, Nexpose.
- Knowledge of the OWASP Top Ten vulnerabilities
What would be nice to have:
- CISSP, CISA, CEH, OSCP or other information security certifications
- Application development background and security knowledge – example languages include C, C#, C++, Java, J2EE
- Vulnerability and threat management experience
- Experience with various security tools and products (Fortify, AppScan, etc)
- Good understanding of the components of a secure DLC/SDLC
- Vulnerability Analysis and application reversing skills
- Understanding of Cryptography principles