Role description:
Understanding a Scope of Work (SOW) is crucial for delivering professional services that meet customer expectations, including vulnerability assessments and penetration testing with both commercial and open-source tools. Conducting tests in line with established frameworks such as OWASP helps identify security weaknesses. Key responsibilities include simulating attacks on customer systems, providing comprehensive security assessments across various technologies, and evaluating social engineering tactics. Analyzing vulnerability data to eliminate false positives is essential for accurate reporting. Communicating findings effectively to non-IT stakeholders and resolving technical issues are vital. Additionally, researching and developing innovative testing tools and understanding information security standards such as PCI DSS and HIPAA are important.
Key responsibilities:
•Conduct threat modeling, vulnerability assessments, and ethical hacking across networks, operating systems, and web applications, ensuring a thorough evaluation of security measures.
•Engage in the collection and analysis of Open-Source Intelligence (OSINT) to uncover information leaks, while offering expertise in offensive security testing to evaluate organizational defenses.
•Collaborate with clients to establish their testing needs, including the specific systems and types of assessments required.
•Develop and execute innovative penetration testing techniques, while also identifying human error-related security gaps and providing recommendations to enhance security practices.
Key skills/knowledge/experience:
•Comprehensive knowledge of computer systems and their functionalities, enabling effective operation and troubleshooting.
•Strong verbal and written communication skills to convey methodologies clearly to both technical and non-technical stakeholders.
•Meticulous attention to detail for planning and executing tests aligned with client specifications, alongside the ability to creatively and strategically address security challenges.
Person specification:
•Strong communication and collaboration skills to engage both technical and non-technical stakeholders.
•Ability to work in high-pressure environments and prioritize competing demands effectively.
•Analytical mindset with a proactive approach to problem-solving and risk mitigation.