Penetration Tester at SUMMIT Africa Recruitment

Your Skills

• Conduct network, application, and mobile penetration tests
• Source code reviews, threat analysis, network assessments, and social-engineering assessments
• These assessments involve manual testing, analysis, and exploitation as well as the use of automated vulnerability scanning/testing tools such as Nmap, SCAP vendors, SAST tooling, Metasploit, Core Impact, Kali and Burp Suite
•  Assessments also involve testing for application performance using Loadrunner, JMeter, and Neoload
•  Development skills (e.g., Python, JSON, .Net Core, React, JS, etc.)
•  Expertise in common application security tools (fuzzers, proxies, code analysis tools, etc.)
•  Experience with successful exploitation of Docker /Kubernetes environments
• Experience with different types of API and privilege escalation tactics
• Knowledge of and ability to map exploits back to the MITRE ATT&CK framework
•  Experience if evading current and nextgen EDR and application security solutions
•  Knowledge of exploiting IOT devices such as video cameras, sensors, and edge devices

How You’ll Apply It

• Gather requirements, analysis, design and execute performance testing to ensure system reliability, capacity and scalability
•  Work with testing team to develop performance test plans and cases, manage tests/projects and communicate report findings
•  Analyze test results and coordinate with development teams for bug fixes
• Generate test summary reports for management review
•  Analyze root causes of performance issues
• Perform validation testing of security vulnerabilities that have been remediated and evidence the results for closure
• Maintain ongoing proficiency in network and application exploitation and performance, tools, techniques, countermeasures, and trends in computer network vulnerabilities, network security and encryption.

What You’ll Have

• 4+ years of experience in information security
• 3+ years of penetration testing experience preferably with a consulting firm or working in controlled environments such as a financial institution or ecommerce company
•  Passion for automation and building rugged code of high quality
•  Love for security, performance, and reliability
• Ability to work with full-stack teams, teach developers, and be a team player
• Knowledge of the tools, tactics, procedures, and counter measures
•  Experience conducting penetration tests, running web application testing tools, performing manual testing and source code review using tools, validating test results, identifying root cause, analyzing vulnerabilities, and helping develop platform specific remediation plans
• Experience in security testing with knowledge of security fundamentals and exploit techniques
• One or more of the following security certifications preferred: GIAC Penetration Tester GPEN, GXPN Offensive Security Certified Professional or similar security certification(s)
• BSc in Computer Science or equivalent degree/experience desired

Extra Credit If You’ve Got It:

• Proficiency in cryptographic protocols and cipher suites
• Thorough understanding of network protocols, data on the wire, and covert channels
•  Source code reviews
• Familiarity with penetration testing methodology and standards
• Deep understanding of Secure SDLC
• OWASP top 10 mitigation approaches – Service based environments e.g. REST
•  Cloud Security - Policies, controls, procedures, and technologies
•  Ability to understand and modify code in a diverse range of programming languages and frameworks
•  Develop scripts to automate the deployment of Azure architecture and solutions
• Advise team of engineers in managing and monitoring continuous Cloud platform monitoring and setting up conditional events to detect and alert
•  Manage and fix Security vulnerabilities identified by the Vulnerability and EDR Systems
•  Experience of automation and provisioning approaches, using tools such as Terraform and PowerShell and JSON
•  In depth knowledge of agile software development tools and methodologies (Continuous integration, git, Azure DevOps, etc.)
• Scripting or programming experience (Python, Go, Bash, PowerShell, etc.)
•  Experience of microservices and container-based systems (Docker, Kubernetes)
•  Experience in implementing common industry frameworks such as: NIST CSF, ISO 27000, COBIT, NIST 800-171, NIST 800-53, CIS, and Critical Security Controls (SANS Top 20)