Security Validation Consultant - Randburg, South Africa - Absa Bank Limited

Absa Bank Limited

Verified Company

Randburg, South Africa

1 week ago

Posted by:

Thabo Mthembu

beBee Recruiter

Bring your possibility to life Define your career with us

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

Job Summary

The role requires the incumbent to perform research and keep up to date with the technology stacks used within the organisation.

Job Description:

Accountability:
Execution

Determine with relevant stakeholders appropriate testing requirements and potential testing impacts.
Gather intelligence (e.g. network and domain names, mail server) to better understand how a target works and its potential vulnerabilities.
Using available data and technical testing, perform a technical validation on each attack path and determine its likelihood of success.
Model the technical threats that the client would realistically face and identify vulnerabilities that will allow for those attacks.
Explain in detail the attack methodology and logic used in exploiting each vulnerability.
Develop an understanding of the target system business and technical context to prioritize attack paths and threats.
Identify solutions for common security problems and work with engineering teams and developers to remediate.

Accountability:
Stakeholder Management

Build effective working relationship/information flow with key stakeholders.
Hold regular communication sessions with relevant stakeholders.
Interface with stakeholders (General Assurance team, Risk Control Officers and CIOs) in a constructive and professional manner.
Effectively communicate successes and obstacles with team members and line manager.

Accountability:
Reporting

Produce actionable risk and threatbased reports on security testing results.
Ensure that risk statements and attack paths which are proved to be exploitable are reported with appropriate remediation and mitigating recommendations are made.
Assist the junior team members to produce actionable risk and threatbased reports on security testing results.

Education and experience required

Bachelor's degree or related certifications in information systems or related field.
Professional certification, such as CISSP, CEH, CCSP, OCSP or any other related qualification is advantageous.
Previous working experience of at least 3 years as a Penetration Testing Expert preferred.

Knowledge and skills:
(Maximum of 6)

Demonstrable understanding and execution of threat actor tactics, techniques and procedures, vulnerabilities, attacks and countermeasures
Understanding of the cyber kill chain in relation to Advanced Persistent Threats (APTs) knowledge of SIEM technologies and security tooling
Knowledge of compromise frameworks (e.g. OWASP, Mitre Attack tool) and technical threat modelling
Demonstrable understanding and usage of penetration testing tools (e.g. BurpSuite, Metasploit)
Programming ability to be able to create own penetration testing scripts when required
Demonstrate deep technical capabilities across one or more of the following domains Infrastructure, Network, Web Applications, Mobile Applications and Cloud.
Able to explain technical details of assessment as well as how to remediate vulnerabilities found

Education

Bachelor's Degrees and Advanced Diplomas:
Services (required)