Security Validation Consultant - Randburg, South Africa - Absa Bank Limited
Description
Bring your possibility to life Define your career with us- With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.
The role requires the incumbent to perform research and keep up to date with the technology stacks used within the organisation.
Job Description:
Accountability:
Execution
- Determine with relevant stakeholders appropriate testing requirements and potential testing impacts.
- Gather intelligence (e.g. network and domain names, mail server) to better understand how a target works and its potential vulnerabilities.
- Using available data and technical testing, perform a technical validation on each attack path and determine its likelihood of success.
- Model the technical threats that the client would realistically face and identify vulnerabilities that will allow for those attacks.
- Explain in detail the attack methodology and logic used in exploiting each vulnerability.
- Develop an understanding of the target system business and technical context to prioritize attack paths and threats.
- Identify solutions for common security problems and work with engineering teams and developers to remediate.
Accountability:
Stakeholder Management
- Build effective working relationship/information flow with key stakeholders.
- Hold regular communication sessions with relevant stakeholders.
- Interface with stakeholders (General Assurance team, Risk Control Officers and CIOs) in a constructive and professional manner.
- Effectively communicate successes and obstacles with team members and line manager.
Accountability:
Reporting
- Produce actionable risk and threatbased reports on security testing results.
- Ensure that risk statements and attack paths which are proved to be exploitable are reported with appropriate remediation and mitigating recommendations are made.
- Assist the junior team members to produce actionable risk and threatbased reports on security testing results.
- Bachelor's degree or related certifications in information systems or related field.
- Professional certification, such as CISSP, CEH, CCSP, OCSP or any other related qualification is advantageous.
- Previous working experience of at least 3 years as a Penetration Testing Expert preferred.
Knowledge and skills:
(Maximum of 6)
- Demonstrable understanding and execution of threat actor tactics, techniques and procedures, vulnerabilities, attacks and countermeasures
- Understanding of the cyber kill chain in relation to Advanced Persistent Threats (APTs) knowledge of SIEM technologies and security tooling
- Knowledge of compromise frameworks (e.g. OWASP, Mitre Attack tool) and technical threat modelling
- Demonstrable understanding and usage of penetration testing tools (e.g. BurpSuite, Metasploit)
- Programming ability to be able to create own penetration testing scripts when required
- Demonstrate deep technical capabilities across one or more of the following domains Infrastructure, Network, Web Applications, Mobile Applications and Cloud.
- Able to explain technical details of assessment as well as how to remediate vulnerabilities found
Bachelor's Degrees and Advanced Diplomas:
Services (required)
- Absa Bank Limited reserves the right not to make an appointment to the post as advertised_
More jobs from Absa Bank Limited
-
Specialist: Learning and Development
Johannesburg, South Africa - 1 week ago
-
Specialist Risk Measurement: Aro Wholesale Credit
Sandton, South Africa - 5 days ago
-
Officer 1 Business Development Ffs
Johannesburg, South Africa - 3 days ago
-
Home Loans Kyc Fic
Johannesburg, South Africa - 1 week ago
-
Actuarial Analyst
Johannesburg, South Africa - 5 days ago
-
Junior Learner
Johannesburg, South Africa - 3 days ago