POSITION SUMMARY:
The Analyst (Red Team), Information Security carries out penetration testing exercises and vulnerability management activities, including planning, coordinating, executing and reporting on sophisticated ethical hacking and penetration testing scenarios that simulate the tactics, techniques, and procedures of a variety of threat actors.
He/she manages the vulnerability and secure configuration assessment process and activities, including planning, coordinating and executing vulnerability and configuration scanning and remediation of valid scan results.
PRIMARY RESPONSIBILITIES:
1. Responsible for carrying out Vulnerability Assessment and Penetration Testing to identify weaknesses
2. Assists in developing cyber-threat & vulnerability management strategies relating to Network & application penetration testing and other security assessments
3. Aligns vulnerability management and penetration testing functions with the organization’s overall business objectives by reducing information technology’s exposure to vulnerabilities
4. Assists in managing penetration testing processes and procedures, and produces meaningful metrics and reports
5. Assists in managing remediation including mentoring vulnerability management and penetration testers in working with Information Technology to architect solutions
6. Responsible for conducting security assessments across a wide range of technologies, including:
a. Network Penetration tests
b. Web Application Penetration tests
c. Application Penetration tests
d. Red Team engagements
e. Cloud Infrastructure Pentest (AWS, Azure, Alibaba etc.)
f. Mobile application Penetration tests (Android, iOS, Windows Mobile)
g. Embedded device tests
h. Reverse software engineering
i. Data exfiltration tests
j. Cryptographic strength assessments
k. Manual Vulnerability Testing and Verifications
l. Manual Configuration Weakness Testing and Verifications
m. Exploit Development
n. Phishing Campaigns
o. Wireless security architectures, scanning, rogue detection and prevention, and secure configurations
p. Source Code Scanning/reviews
q. Remediation tests
7. Probes for vulnerabilities in web applications, fat/thin client applications and standard applications
8. Pinpoints methods that attackers could use to exploit weaknesses and logic flaws
9. Performs Custom exploit development
10. Assists in building and incorporating Security as a process in the SDLC phases
11. Researches and develops testing tools, techniques, and process improvements
12. Stays highly relevant by researching and discovering the newest security vulnerabilities and issues/threats
13. Assists in reviewing and defining requirements for information security solutions
14. Performs information security incident response and investigation activities
15. Performs Forensic Analysis
16. Assists in working on the improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
QUALIFICATIONS:
I. Experience
1. 3+ years of relevant experience in penetration testing and security assessments
2. Requires in-depth experience and knowledge of enterprise IT concerns and niche technologies such as IoT, Blockchain, AWS etc.
3. Approximately 2 years of experience preferred in one or more of the following areas:
a. Penetration testing (black box/white box)
b. Application penetration test and Source code reviews
c. Security testing of web-based applications
d. Mobile Application Penetration Testing (Android, iOS, Windows Mobile)
e. Cloud, Network, Wireless Network and Infrastructure Penetration Testing
II. Education
Bachelor’s degree in Computer Science or Information Security, or equivalent
III. Skills / Competencies
1. Certified Ethical Hacker (CEH), GIAC (Global Information Assurance Certification) Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP) certification is highly desirable
2. Proven excellence in researching, organizing, writing, and presenting technical information. Capacity to work independently and in a team environment, with project management skills
3. Must have excellent analytical skills, multi-tasking skills and solid project management skills
4. Ability to understand the relationship between business processes, priorities, risk and their underlying technologies and security risks
5. Ability to work in a fast-paced environment
6. Achieves agreed objectives and accepts accountability for results
IV. Other Attributes
1. Displays a high commitment to delivering results
2. Communicates effectively
3. Displays the highest level of integrity
4. Ability to maintain discretion
5. Self-motivated
6. Approachable