Penetration Tester at Capitec Bank

Purpose Statement

• The incumbent will form part of the Cyber Offence team, whose goal is to ensure that the business is prepared and skilled to mitigate any cyber security threat.
• The incumbent will play a major role in developing “world-class” cyber security capabilities within the Bank.

Experience

Min:

• 3+ years experience in security testing

Ideal:

• 2 - 3 years’ financial services / banking background
• 5+ years experience in security testing

Qualifications (Minimum)

• Grade 12 National Certificate / Vocational
• Certification in Information Systems Auditing (CISA) or CISSP

Knowledge

Min:

• Manual and automated security testing of infrastructure, networks, and web applications\services
• Technical vulnerability assessments (CVE and CVS database knowledge)
• Best practice technical reviews; using company and industry standards
• Common network protocols, system architecture, and operating systems
• Logical access reviews and audit
• Common cyber-attack techniques
• Working within technically adept teams
• Strong communication and reporting skills, articulate risk to business
• Solution and white-boarding of systems to be assessed
• Ability to read\understand at least 1 scripting language (e.g. Python, Bash, PowerShell, C\PHP\Java code)
• Experience in testing web services, web\mobile applications, and cloud applications
• Proficiency with pen-testing tools (Security distro’s and intercepting proxy tools)
• Understanding and familiarity of vulnerabilities included in methodologies such as OWASP Top 10 (Web, Mobile, API) and OSSINT
• Understanding of system architectures and platforms (e.g. Windows, Unix, Linux and RedHat)
•  Understanding of tiered web application\service\cloud architectures and related databases (MySQL, MSSQL and Oracle)
• Understanding of networking protocols and architectures, WAF’s, web and reverse-proxies, DLP, e-mail proxy, DAM, firewalls and perimeter security technologies

Ideal:

• Building an internal security testing team
• Cyber Security Threat modelling and Attack-Path mapping
• Conducting and participating in Red-Team\Purple teaming exercises
• Experience with the Agile and DevOps models
• Banking\financial systems knowledge
• Familiarity with industry regulatory requirements, specific to information security
• Proficiency in scripting with at least 1 scripting language (e.g. Python, Bash, PowerShell)
• Red-Team training within a Microsoft AD networked environment
• C2 staging and implementation environments
• Research and development leading to automation and development of tools to aid in streamlining testing
• Reverse engineering of malware\exploits

Skills

• Communications Skills

Competencies

• Achieving Personal Work Goals and Objectives
• Delivering Results and Meeting Customer Expectations
• Working with People

Additional Information

• A valid driver's license and own vehicle is preferred
• Clear criminal and credit record
• Contactable via own mobile phone
• Required to be available after hours in case of emergency
• Willingness to work or be available overtime and / or weekends if required