Cyber Security Lead/ Senior Penetration Tester at Capitec Bank

Job description

Purpose of role:

Play a major role in developing world class cyber defence capabilities within the bank

To lead and develop the penetration testing team to ensure that the business is prepared and skilled to mitigate any cyber security threat.

Knowledge:

• Technical vulnerability assessment
• Manual and automated penetration testing; network and web applications
• Best practice technical reviews; using company and industry standards
• Logical access reviews and audit
• Common cyber-attack techniques
• Managing small, technically adept teams
• Familiarity with industry regulatory requirements, specific to information security

Ideal:

• Building an internal penetration testing team
• Familiarity with penetration testing standards (NIST, PTES)
• Familiarity with cyber security guidance (CIS CSC, ASD)
• Planning and conducting purple team exercises

Skills:

• Demonstrated experience with security assessment methods and penetration testing techniques
• Demonstrated experience in identifying risk and the development of mitigation plans
• Demonstrated experience using security testing tools (Nessus, Metasploit, Burp/ZAP, Kali)
• Demonstrated experience with a scripting language (Python or Powershell preferred)
• Significant experience with Microsoft Active Directory, SQL, SharePoint
• Significant experience with various operating systems (Windows, Redhat preferred)
• Advanced understanding of attacker methodologies and tactics, including kill-chain analysis
• Familiarity with cryptographic protocols and cipher suites
• Familiarity with cyber security threat modelling
• Familiarity with Agile and DevOps models
• Ability to work within a fast-paced environment as part of a high performance team
• Uncompromising ethics and confidentiality
• Relationship management skills

Experience:

• 8+ years’ proven experience in Information Security
• 2+ years’ experience leading a technical team (preferred)
• 5+ years’ experience in Penetration testing

Qualifications:

• Grade 12 / Matric
• A relevant Information Security certification (CISA , CISSP, CISM)
• Ethical Hacking Training (CEH, GPEN)
• A relevant IT tertiary qualification or OSCP would be advantageous

Additional requirements

• Excellent communication skills (verbal and written) in English
• Attention to detail
• The incumbent may be required to work overtime, weekends and be available on standby when required and be contactable
• Own reliable transport and valid driver’s license would be preferred
• Clear credit record
• Clear criminal record