Summit Africa RecruitmentSummit Africa Recruitment
Job title: Penetration Tester
Employment type:Full Time
Experience:4 to 10 years
Salary:R45000 to R75000
Job published:29 June 2020
Job reference no:3368242844

Job Description

Duties:

  • Conduct network, application, and mobile penetration tests
  • Source code reviews, threat analysis, network assessments, and social-engineering assessments
  • These assessments involve manual testing, analysis, and exploitation as well as the use of automated vulnerability scanning/testing tools such as Nmap, SCAP vendors, SAST tooling, Metasploit, Core Impact, Kali and Burp Suite
  • Assessments also involve testing for application performance using Loadrunner, JMeter, and Neoload
  • Development skills (e.g., Python, JSON, .Net Core, React, JS, etc.)
  • Expertise in common application security tools (fuzzers, proxies, code analysis tools, etc.)
  • Experience with successful exploitation of Docker /Kubernetes environments
  • Experience with different types of API and privilege escalation tactics
  • Knowledge of and ability to map exploits back to the MITRE ATT&CK framework
  • Experience if evading current and nextgen EDR and application security solutions
  • Knowledge of exploiting IOT devices such as video cameras, sensors, and edge devices

 

Requirements: 

  • 4+ years of experience in information security
  • 3+ years of penetration testing experience preferably with a consulting firm or working in controlled environments such as a financial institution or ecommerce company
  • Passion for automation and building rugged code of high quality
  • Love for security, performance, and reliability
  • Ability to work with full-stack teams, teach developers, and be a team player
  • Knowledge of the tools, tactics, procedures, and counter measures
  • Experience conducting penetration tests, running web application testing tools, performing manual testing and source code review using tools, validating test results, identifying root cause, analyzing vulnerabilities, and helping develop platform specific remediation plans
  • Experience in security testing with knowledge of security fundamentals and exploit techniques
  • One or more of the following security certifications preferred: GIAC Penetration Tester GPEN, GXPN Offensive Security Certified Professional or similar security certification(s)
  • BS in Computer Science or equivalent degree/experience desired

Skills:

Industries: