Description
Penetration tester provides quality web application security audits across the various IT functions to ensure quality standards, procedures & methodologies are being followed.
Responsibilities
- Incorporate business considerations
- Contributes to developing and implementing tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, ISO, to ensure useful, measurable, and repeatable methods applied to quantifying risk
- Publish security
- Collaborating with a variety of internal stakeholders (security consultants, project managers, development teams, security architects, technical SME’s) to deliver high quality penetration tests
- The production of penetration test reports which highlight and clearly articulate vulnerabilities and weaknesses to stakeholders in non technical language
- Developing testing plans to successfully conduct application testing, infrastructure testing, scenario based testing, process testing, social engineering consistently throughout DLG
- Reporting on and suggesting fixes to vulnerabilities identified
- Managing remediation of vulnerabilities with Business owners, 3rd party vendors and internal resources
- Identifying potential network, system, application and physical security vulnerabilities
- Researching existing exploit code and developing mitigation strategies evaluation and implementation
Qualifications
- Interest in security vulnerabilities and exploitation (as a practitioner)
- Bachelors / Masters in Computer Science, Information Systems or equivalent
- Experience in performing penetration testing in cloud based environments is a plus
- Network traffic analysis expert
- Innate knowledge of the strengths and weaknesses of operating systems, network and security appliances, application language and software being used