Penetration Tester
Description:
Job Summary
Plan, document test methodologies and perform penetration testing or ethical hacking of network infrastructure, application systems including mobile applications all in a stealthy operation without being detected, in order to identify potential security weaknesses in the system.
Collaborate with ITG developers by communicating the back doors/security weaknesses identified and providing inputs in correcting the security flaws.
Establish red team procedures in conducting red team exercises.
Job Description
Perform threat analysis, wireless network assessments, and social-engineering assessments including physical security assessments to develop test scenarios.
Conduct network and system security scans.
Perform manual and automated hacking techniques on network infrastructure, computer systems, web and mobile applications.
Search for weaknesses and recommend corrective measures to prevent potential attacks.
Evade intrusion prevention systems, intrusion detection systems, firewalls, and honeypots to ensure they are effective and reinforced when necessary.
Identify methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
Develop abuse cases and testing methods to identify vulnerabilities in business logic. Develop/update scripts/tools to enhance penetration testing processes.
Research, evaluate, document and discuss findings with IT teams and management.
Collaborate with IT teams to remediate the vulnerabilities.
Effectively communicate findings and remediation strategy to stakeholders.
Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
Review, verify and provide feedback on information security fixes.
Establish improvements for existing security services, including hardware, software, policies and procedures.
Observe business continuity and its operations when performing testing (i.e. minimize downtime and loss of employee productivity).
Stay updated on the latest malware and security threats.
Assist in cyber security investigations.
Recognize the safe utilization of attacker tools, tactics, and procedures.
Keep abreast with the latest attack vectors, hacking methods, ethical hacking/pen testing techniques and new penetration testing tools.
Analyze security policies and configurations for effectiveness against an attack and make necessary suggestions on security policy and configuration improvements.
Proactively works with the Department Head in implementing programs for the continuous improvement of the bank’s information security plans and strategies.
Perform other information security governance, risk and compliance related duties and responsibilities as directed by the Department Head.
Summary of role requirements:
Looking for candidates available to work:
Monday: Morning
Tuesday: Morning
Wednesday: Morning
Thursday: Morning
Friday: Morning
More than 4 years of relevant work experience required for this role
Working rights required for this role
Full time