Penetration TesterCapitec Bank

• To ensure that the business is prepared and skilled to mitigate any cyber security threat through
• Assessing and testing the applications and processes of the Bank.
• Identifying potential areas of weaknesses from a security perspective.
• Playing a key role in developing world class cyber security capabilities within the Bank by means of knowledge transfer, education, training and research.

Experience

MINIMUM:

• 3 – 5 years’ experience in cyber security testing
• Risk identification and communication relating to cyber security

IDEAL:

• 5+ years in cyber security testing
• 2 – 3 years financial services / banking experience 
• Experience with the Agile and DevOps models

Qualifications (Minimum)

• Grade 12 National Certificate / Vocational
• Certification in Information Technology

Qualifications (Ideal or Preferred)

A relevant tertiary qualification in Information Technology or Information Technology - IT Engineering

Knowledge

MINIMUM:

• Manual and automated security testing of infrastructure, networks, and web applications\services
• Technical vulnerability assessments (CVE and CVS database knowledge)
• Best practice technical reviews; using company and industry standards
• Common network protocols, system architecture, and operating systems
• Logical access reviews and audit
• Knowledge of TTP's/MITRE Attack Framework, threat-attack landscape
• Strong communication and reporting skills, articulate risk to business
• Solution and white-boarding of systems to be assessed
• Ability to read\understand at least 1 scripting language (e.g. Python, Bash, PowerShell, C\PHP\Java code)
• Experience in testing web services, web\mobile applications, and cloud applications
• Proficiency with pen-testing tools (Security distro’s and intercepting proxy tools)
• Understanding and familiarity of vulnerabilities included in methodologies such as OWASP Top 10 (Web, Mobile, API) and OSSINT 
• Understanding of system architectures and platforms (e.g. Windows, Unix, Linux and RedHat)
• Understanding of tiered web application\service\cloud architectures and related databases (MySQL, MSSQL and Oracle)
• Understanding of networking protocols and architectures, WAF’s, web and reverse-proxies, DLP, e-mail proxy, DAM, firewalls and perimeter security technologiesEnd User Infrastructure Service technologies (e.g. Print Management Solutions)

IDEAL:

• Cyber Security Threat modelling and Attack-Path mapping
• Conducting and participating in Red-Team\Purple teaming exercises
• Familiarity with industry regulatory requirements, specific to information security
• Proficiency in scripting with at least 1 scripting language (e.g. Python, Bash, PowerShell)
• Reverse engineering of malware\exploits

Skills

• Communications Skills
• Computer Literacy (MS Word, MS Excel, MS Outlook)
• Attention to Detail
• Analytical Skills
• Problem solving skills

Conditions of Employment

Clear criminal and credit record