OVERALL OBJECTIVE OF JOB: This position is responsible for performing independently security assessments of clients’ information technology systems (including Internet, Intranet, Applications, Hosts, Firewalls, Mobile applications etc.) Communication in both written and verbal forms, including training courses, workshops, and consultations with clients and formal reports. These assessments are conducted on a by-project basis, ranging between one and three weeks per project, and will occasionally be done at the client site, in the United Kingdom, South Africa, or abroad. This role is also required to conduct on-going research in the IT security arena and regularly assist in the sales process.

SPECIFIC RESPONSIBILITIES:

This candidate will be responsible for:

· Perform security reviews of architecture and application designs

· Perform mobile, complex application, infrastructure, as well as social engineering

assessments and penetration testing

· Exploit vulnerabilities to gain access, and expand access to remote systems

· Document technical issues identified during security assessments

· Assist with building, hardening, and maintaining systems used for penetration testing

· Research cutting edge security topics and new attack vectors

· Assist with pre-sales to prospective clients

· Be a second trainer on multiple of the SensePost training course offerings

· Communication of findings/innovations internally, to SensePost colleagues (via blog)

· Work independently on projects

· Mentor to team members

QUALIFICATIONS

· IT related degree or certificate

· One of the industry leading qualifications (OSCP, CEH, CISSP, CREST, OSCE, OSCW)

· Industry experience working in Dev/Admin/Engineer field

OTHER SKILLS:

· Development experience in C/C++, C#, VB.NET, ASP, PHP, Java, Python or Ruby

· Strong Unix, Windows and networking security skills

· Familiarity with general application and network security concepts

· Excellent teaming and communication skills

· Manual penetration testing experience above and beyond running automated tools

· Experience developing custom scripts or tools used for vulnerability scanning and

identification

· Security Auditing tools

· Ethical hacking

· Intrusion prevention

· Active listening

· Trustworthy

· Critical thinking · Persistence · Self-control · Report writing · Presentation skills · Scripting / Coding · Sys Admin · Networking · Mobile / Signal · Attention to detail · In depth networking knowledge (MPLS, BGP, OSPF, IPv6, TOR) · Understanding of development frameworks · Broad understanding of hosting /cloud environment · Time management · Consistency · VOIP · Device management / Tacacs / Radius · Circumventing security controls · Judgement and decision making · Broad understanding of SIEM & Defensive Technologies. · Initiative

COMPETENCIES REQUIRED:

· Urgent desire to learn with a passion for technology

· Action oriented

· Motivated by being at the forefront of technology, and pushing technology boundaries

· Capacity to concentrate for long periods of time

· Motivated by the thrill of being able to “break” systems

· Conviction and courage – when you believe in something, you’ll follow through despite

opposition

· Willingness to work late when required

· Willingness to travel when required, possibly abroad

· Analytical and critical thinker

· Excellent interpersonal, presentation and communication skills

· Good written English skills

· People and project management skills

· Problem-solving skills

· Self-motivation

· Efficient

· Detail-oriented

· The ability to prioritize

· Team player

· Customer service focus

· Evil bit (äGCP) (hacker way of looking at complex problems and solving them creatively)

EXPERIENCE:

3 years’ experience in information security

BENEFITS: · Being part of a relaxed inspired team where your work is valued and appreciation for your work is visibly demonstrated · Opportunities to learn abound and innovation is encouraged · Learn from the best in the industry · Research and personal development time · Opportunities to travel aboard