As a senior penetration tester, you will be responsible for overseeing and evaluating the security of Tenerity's IT infrastructure: continuously assessing it, and executing proof-of-concept exploits against identified vulnerabilities to establish which of them are actually exploitable and what an attacker could reach. You will be expected to help junior testers understand findings and vulnerabilities. You will have the opportunity to select, design and create your own testing framework and tools as part of establishing Tenerity's penetration testing framework.
In addition, you will assist Tenerity's IT Audit department in a compliance analyst's role, ensuring Tenerity complies with the laws and regulations that apply to its industry. In this work you may examine practices and policies within the business, identify areas where they are out of compliance, and offer suggestions for the necessary modifications. This requires regular review of, and research into, the governing authorities' current rules and regulations.
Responsibilities
- Design, document and implement a penetration testing methodology based on industry norms
- Select, design and create appropriate tools for testing
- Manage and deliver security testing assignments
- Perform a variety of security testing assignments, including red teaming, infrastructure and application testing (web, API and mobile)
- Define the scope of security testing assignments
- Manage complex, multi-faceted security testing assignments
- Develop and quality-assure security test reports
- Work with internal clients and stakeholders to develop appropriate remediation plans
- Act as a senior subject matter expert in your field
- Develop solutions for practices that are out of compliance
- Monitor departments to ensure compliance with company policy and industry regulations
- Prepare reports for management
- Provide updates to team members and management when regulations change
- Review current practices to ensure they stay within the boundaries of the law
- Review data security
- Train team members in best practices that align with regulations
Qualifications
- 3+ years of application and infrastructure penetration testing experience above and beyond running automated tools
- A good understanding of Unix, Windows and network security
- Excellent knowledge of PCI DSS, ISO/IEC 27001:2022 and IT general controls (ITGC)
- Strong written and communication skills in English
- Ability to supervise others and work independently
- Offensive Security Certified Professional (OSCP), CREST Registered Tester (CRT) or an industry equivalent such as CEH or GIAC GPEN
- Degree from an accredited University or equivalent.
- Strong administrative skills and proficiency with office productivity software: MS Word, MS Excel, MS PowerPoint, MS Access, MS Visio, SharePoint and wiki markup
- Basic understanding of ethical hacking techniques, digital forensics, TCP/IP and related network protocols and services.
The following skills are not required of applicants but would be considered a differentiator:
- CREST-recognised penetration testing certification/accreditation (CREST Certified Tester (CCT) or CHECK Team Leader (CTL))
- Degree in Computer Science, Information Systems, Engineering or related major
- Experience developing custom scripts or tools used for vulnerability scanning and identification
- Familiarity with threat modelling and security design review methodologies
- Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, or Java
- Experience with red team engagements, physical security testing, phishing and social engineering techniques