We're looking for a Security Testing Senior Consultant to conduct tests simulating cyber attacks to find exploitable weaknesses and define remediation plans, simulating a threat actor attempting to gain unauthorized physical or logical access to an environment.
You are expected to identify security vulnerabilities during the software development lifecycle to ensure security by design and default. You will develop and execute cybersecurity test plans, ensuring test quality and managing resource planning and the resolution of issues that may impede the test effort.
As a team lead, you will mentor junior consultants and be a security thought leader within the client and SGV.
Your Key Responsibilities:
You will work on various Security Testing and Assurance projects for our clients or internal projects.
As a team lead, team member or individual contributor, execute or lead security testing and assurance projects.
These may include:
- Conduct tests on mobile and web applications
- Conduct social engineering
- Execute red team scenarios
- Conduct security audits
- Coordinate with client operations and development teams to remediate or accept risks
- Prepare security assessment reports
- Provide guidance, coordinate and support teammates to execute security design and assurance projects
- Guide and review your peers and junior team members and provide timely and constructive feedback
- Prepare reports, documents and schedules that will be delivered to clients and other parties
- Conduct research to provide value-adding advice to the client
- Contribute ideas with the team to complete and improve project output
- Help in performance reviews and contribute to performance feedback for staff/junior level team members
- Develop positive relationships with client personnel, peers and management
- Join and facilitate internal and external training, mentoring, learning and certification opportunities
- Participate in organization-wide people initiatives including thought leadership and recruitment activities
Skills and attributes for success:
- A successful candidate will need a combination of technical and communication skills, as well as the ability to handle a mix of diverse testing activities and project work.
- Technical knowledge. Able to demonstrate and apply security concepts; knowledge of system and application security threats and vulnerabilities; current and emerging threats / threat vectors; principles used to manage risks related to the use, processing, storage and transmission of information or data; incident response and handling methodologies; methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection and remediation tools and procedures utilizing standards-based concepts and capabilities; the risk associated with new and emerging information technology (IT) and cybersecurity technologies
- Mentoring. Able to guide and coach team members in career progression and service delivery
- Teaming. Able to build relationships across the business and promote a collaborative culture across teams
- Client relationship. Able to build deep relationships with clients to understand their challenges better and align the right solutions
- Innovative and transformative mindset. Able to understand complex problems and respond with innovative and transformative solutions
- Communication and presentation skills. Able to deliver high quality deliverables articulated in written reports and communicated during presentations to both IT and business audiences.
To qualify for the role, you must have:
- A bachelor's degree in IT, computer science, computer engineering, management, business administration, or any related field
- At least one year of relevant experience in security testing, and comfortable using the following software and programs:
  - Security assessment tools such as Burp Suite, sqlmap, nmap, Nessus, Rapid7
  - Operating systems such as Windows, Linux, Unix and web platforms
  - Programming languages and frameworks such as SQL, C++, JavaScript, Ruby, Python
- In-depth understanding of OWASP Top 10 and ability to effectively communicate methodologies and techniques with the development teams
- Hands-on experience in penetration testing of various networks and web applications, social engineering and physical penetration testing
- Good understanding of security practices on vulnerability assessment, penetration testing, network security, security operations, software development
- Good understanding of web services, distributed systems or mobile applications
- Good written and verbal technical communication skills
- Desire to learn new techniques, frameworks and technologies
- Willingness to take cybersecurity certifications and external trainings
Preferably, you also have:
- Relevant professional certification such as CISSP, CISA, CEH, OSCP, or other similar industry recognized certifications
- Ability to juggle many tasks and projects in a fast-moving environment
- Ability to support SDLC and agile environments with application security testing
- Ability to develop automated solutions to execute security testing
- Good understanding of cloud security and modern architecture (microservices, serverless and automated delivery) and testing in these environments
- Experience in working in consulting roles, interacting with clients, third parties or security vendors
- Good understanding of cryptography as applied in security such as SSL and key management
- Good understanding of secure software development lifecycle, DevSecOps, automated software delivery
- Hands-on experience with IT security (application security, threat modeling, vulnerability assessment, penetration testing, security operations)
What's in it for you:
- We offer a competitive remuneration package where you'll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, benefits that suit your needs, covering holidays, health and well-being, insurance, savings, and a wide range of discounts, offers and promotions.
Plus, we offer:
- Continuous learning: You'll develop the mindset and skills to navigate whatever comes next.
- Success as defined by you: We'll provide the tools and flexibility, so you can make a meaningful impact, your way.
- Transformative leadership: We'll give you the insights, coaching and confidence to be the leader the world needs.
- Diverse and inclusive culture: You'll be embraced for who you are and empowered to use your voice to help others find theirs.