Description:
Our Federal Government Client is looking for a Penetration Tester to be responsible for testing and investigating security infrastructure within their organisation. This role will analyse IT systems to determine configuration weaknesses and faults that could affect security and business. Cyber Security Penetration Tester Experts will conduct complex penetration testing and highly sensitive vulnerability assessment activities. This role will lead the delivery of flexible and quality customer service work under the broad direction of senior staff to deliver results.
Primary Technologies
- Network Scanning tools, eg Nmap and Nessus.
- Exploitation Frameworks, eg Metasploit.
- Web Application Testing tools, Burp Suit.
- Password cracking tools eg John the Ripper and Hashcat.
- Active Directory tools eg Sharphound, Bloodhound, Impacket, Rubeus, Certi
Key Duties May Include, But Are Not Limited To
- Oversee the execution of test cases using in-depth technical analysis of risks and typical vulnerabilities.
- Lead cyber penetration testing and vulnerability assessments using relevant tools and methods against a variety of technologies.
- Conduct and lead complex threat simulation activities to identify weaknesses and/or opportunities in technical security controls.
- Oversee the catalogue of test findings and potential measures oversee and approve security testing plans.
- Provide highly technical subject matter expertise to system owners and stakeholders in order to improve system security posture conduct highly complex analysis and research to identify improvements to cyber threat tools, techniques and procedures.
- Perform web application and mobile penetration testing against complex enterprise platforms using a variety of technologies.
- Conduct infrastructure penetration testing against enterprise grade systems collaborate with system owners to develop test scope and preparation for testing ensuring remediation has been completed.
- Effectively review reports, briefs and documentation and communicate technical findings and recommendations.
Mandatory Criteria
- Experience conducting web application penetration testing against complex enterprise platforms built with a variety of technologies such as Java, NodeJS, Angular, SAP, IBM WebSphere, OpenShift, Azure and Active Directory.
- Experience in the development of penetration testing reports detailing vulnerabilities, priority ratings, recommended treatments and an executive summary detailing business impacts and systemic recommendations.
- Demonstration of practical skills in a live assessment conducted on-site.
Desirable Criteria
- Experience working with system owners to develop a test scope, prepare for testing and ensure remediation has been completed effectively.
- Experience conducting mobile penetration tests.
- Experience undertaking penetration testing against enterprise grade, infrastructure hosted on both Windows and Linux based platforms.
- Experience working as part of a team on large scale engagements.
- Experience conducting web application penetration testing.
- Experience mentoring and developing the skills of junior penetration testers.
- Experience improving penetration testing processes including automation of common tasks.