Security Testing Engineer - Financial Services -Johannesburg at Expleo Group

About the job

Expleo is a trusted partner for end-to-end, integrated engineering, quality services and management consulting for digital transformation. We are looking for a Security Testing Engineer to join our dynamic team.

This role will be responsible for conducting security tests within the Quality Assurance team. This position involves planning and conducting security testing of all applications as part of quality assurance as well as advising teams on security controls that need to be implemented. The role requires the tester to be able to learn new technologies “on-the-fly" to be able to perform an in-depth analysis of the security posture of many different applications. The tester will also be tasked with using custom and automated software for various engagements. The candidate will produce detailed reports of their findings along with guidance for remediation and will be responsible for delivering those findings to subject matter experts as well as other teams.

Works independently taking full responsibility for a certain area. Works on quality engineering projects using available frameworks and tools and establishing plans for projects with on-time and on-budget project goals. Primary role in Quality Engineering in the areas of analysis and design, implementation and system integration, and execution, in line with agreed plans and strategies.

Responsibilities

• Provide assurance through collaboration with other stakeholders that applications, APIs, websites and mobile applications meet the security requirements before they are deployed to production.
• Perform security tests on applications, APIs, websites and mobile applications.
• Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses.
• Search for weaknesses in common software, web applications, mobile applications and proprietary systems before they are discovered by hackers.
• Research, evaluate, document and discuss findings with IT teams and management.
• Review and provide feedback for information security fixes.
• Stay updated on the latest malware and security threats.

Qualifications
Essential:

• Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience
• Certification in Cybersecurity

Desirable:

• Additional course or certification in Quality Engineering
• Certification in Ethical Hacking, Vulnerability or other aspects of IT security testing such as CEH or equivalent.

Skills

• Basic programming skills required (basic knowledge of common programming languages used for application development).
• Knowledge of API security testing and API frameworks.
• In-depth knowledge of vulnerability testing/security assessment tools used.
• In-depth knowledge of open-source security testing tools and security testing frameworks.
• Unix and Linux knowledge required.
• Ability to “think like the enemy” in order to combat the full range of techniques and strategies that hackers might employ, or even anticipate new ones.
• Comprehensive knowledge of computer security, systems analysis and more.
• Insight into how hackers exploit the human element to gain unauthorized access to secure systems.
• A clear understanding of how computer security breaches can disrupt business, including the financial and managerial implications.
• Exceptional problem-solving skills.
• Strong analytical skills, able to leverage complex data to identify opportunities, recognize problems, and draw logical conclusions.
• Communication and documentation skills to compile reports to document and share your findings.

Experience
Technical:

• 3 to 5 years of experience in general cybersecurity:
• 2 years of hands-on experience in vulnerability assessments.
• Experience in performing security assessments in Cloud environments (AWS, Azure, Google).
• Understanding of defensive controls and how to bypass/evade them.
• Experience in using and customizing commercial and open-source security assessment and security testing tools such as Metasploit and Burp Suite.
• Experience in one or more computer programming and scripting languages with the ability to create or customize tools as needed.
• Experience with open security testing standards and projects such as OWASP and SANS Top 25.
• Experience with API, web and mobile application or systems testing is required.
• Familiarity with the following:

1.  Database, cloud, and web security testing.
2. Secure web and application development practices.
3. Analyzing and debugging API frameworks.

• Experience in manual and automated vulnerability scanning and security testing.
• Understanding of web-based security vulnerabilities, ability to identify and exploit them (e.g. XSS, CSRF, session management issues, etc.)
• Desirable but not required: Experience in mobile (iOS/Android) application security assessments.
• Desirable but not required: Experience in Internet of Things (IoT) security.
• Desirable but not required: Experience in Bug Bounty programs.

Management:

• Good people skills, with experience in supporting others in raising their performance and working out their development goals.
• Experience in supporting team success and motivating others to keep morale and performance high.
• Good self management.
• Can set and work to quantified goals and standards.
• Delivers by being aware of and considering the commercial impacts.
• Must be flexible, independent and self motivated.

Budget:

• Ability to manage own expenses and adhere to the expense policy.
• No specific budget assigned.