Senior Security Analyst - Johannesburg
Salary Negotiable
Johannesburg,
Gauteng
more than 14 days ago
JOB TITLE: SENIOR SECURITY ANALYST
DIVISION: ASSEMENT TEAM
PERMANENT or CONTRACT POSITION: PERMANENT
OVERALL OBJECTIVE OF JOB:
This position is responsible for performing all forms of complex technical security assessments of clients’ information technology systems (including Internet, Intranet, Applications, Hosts, Firewalls, Mobile applications etc.) and related policies and procedures. Communication in both written and verbal forms, including training courses, workshops, and consultations with clients and formal reports. These assessments are conducted on a by-project basis, ranging between one and three weeks per project, and will occasionally be done at the client site, in the United Kingdom, South Africa, or abroad. This role is also required to conduct on-going research in the IT security arena and regularly assist in the sales process.
SPECIFIC RESPONSIBILITIES:
This candidate will be responsible for:
• Perform security reviews of architecture and application designs, as well as application source code reviews
• Perform mobile, complex application, infrastructure, as well as social engineering assessments and penetration testing
• Exploit vulnerabilities to gain access, and expand access to remote systems
• Document technical issues identified during security assessments
• Assist with building, hardening, and maintaining systems used for penetration testing
• Research cutting edge security topics and new attack vectors
• Assist with pre-sales to prospective clients
• Be the core trainer on at least one of the SensePost training course offerings.
• Assist with improvements for SensePost security services, including the continuous enhancement of existing methodology and reporting formats, as well as training collateral.
• Communication of findings/innovations internally, to SensePost colleagues (via blog)
• Represent SensePost at international events, forums or training event
• Demonstrate the ability to be an industry expert
• Mentor to team members
QUALIFICATIONS
• IT related degree or certificate
• One of the industry leading qualifications (OSCP, CEH, CISSP, CREST, OSCE, OSCW)
• Industry experience working in Dev/Admin/Engineer field
• Industry experience working in Information security field as a penetration tester
OTHER SKILLS:
• Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, Java, Python or Ruby
• Strong Unix, Windows and networking security skills
• Familiarity with general application and network security concepts
• Excellent teaming and communication skills
• Manual penetration testing experience above and beyond running automated tools
• Experience developing custom scripts or tools used for vulnerability scanning and identification
• Security Auditing tools
• Ethical hacking
• Intrusion prevention
• Active listening
• Trustworthy
• Critical thinking
• Persistence
• Self-control
• Report writing
• Presentation skills
• Scripting / Coding
• Sys Admin
• Networking
• Mobile / Signal
• Attention to detail
• In depth networking knowledge (MPLS, BGP, OSPF, IPv6, TOR)
• Understanding of development frameworks
• Broad understanding of hosting /cloud environment
• Time management
• Consistency
• VOIP
• Device management / Tacacs / Radius
• Circumventing security controls
• Judgement and decision making
• Broad understanding of SIEM & Defensive Technologies.
• Initiative
• Programming methodologies
• Quality management principles
• Project management principles
• Negotiation skills
• ERP and CRM systems
• Innovation
• Advance Cloud Architecture
COMPETENCIES REQUIRED:
• Urgent desire to learn with a passion for technology
• Action oriented
• Motivated by being at the forefront of technology, and pushing technology boundaries
• Capacity to concentrate for long periods of time
• Motivated by the thrill of being able to “break” systems
• Conviction and courage – when you believe in something, you’ll follow through despite opposition
• Willingness to work late when required
• Willingness to travel when required, possibly abroad
• Analytical and critical thinker
• Excellent interpersonal, presentation and communication skills
• Good written English skills
• People and project management skills
• Problem-solving skills
• Self-motivation
• Efficient
• Detail-oriented
• The ability to prioritize
• Team player
• Customer service focus
• Industry knowledge and network
• Resilience
• Time Management
• Evil bit (?GCP) (hacker way of looking at complex problems and solving them creatively)
EXPERIENCE:
5 years’ experience in information security
BENEFITS:
• Being part of a relaxed inspired team where your work is valued and appreciation for your work is visibly demonstrated
• Opportunities to learn abound and innovation is encouraged
• Learn from the best in the industry§
• Flexible working hours
• Research and personal development time
• Opportunities to travel aboard
DIVISION: ASSEMENT TEAM
PERMANENT or CONTRACT POSITION: PERMANENT
OVERALL OBJECTIVE OF JOB:
This position is responsible for performing all forms of complex technical security assessments of clients’ information technology systems (including Internet, Intranet, Applications, Hosts, Firewalls, Mobile applications etc.) and related policies and procedures. Communication in both written and verbal forms, including training courses, workshops, and consultations with clients and formal reports. These assessments are conducted on a by-project basis, ranging between one and three weeks per project, and will occasionally be done at the client site, in the United Kingdom, South Africa, or abroad. This role is also required to conduct on-going research in the IT security arena and regularly assist in the sales process.
SPECIFIC RESPONSIBILITIES:
This candidate will be responsible for:
• Perform security reviews of architecture and application designs, as well as application source code reviews
• Perform mobile, complex application, infrastructure, as well as social engineering assessments and penetration testing
• Exploit vulnerabilities to gain access, and expand access to remote systems
• Document technical issues identified during security assessments
• Assist with building, hardening, and maintaining systems used for penetration testing
• Research cutting edge security topics and new attack vectors
• Assist with pre-sales to prospective clients
• Be the core trainer on at least one of the SensePost training course offerings.
• Assist with improvements for SensePost security services, including the continuous enhancement of existing methodology and reporting formats, as well as training collateral.
• Communication of findings/innovations internally, to SensePost colleagues (via blog)
• Represent SensePost at international events, forums or training event
• Demonstrate the ability to be an industry expert
• Mentor to team members
QUALIFICATIONS
• IT related degree or certificate
• One of the industry leading qualifications (OSCP, CEH, CISSP, CREST, OSCE, OSCW)
• Industry experience working in Dev/Admin/Engineer field
• Industry experience working in Information security field as a penetration tester
OTHER SKILLS:
• Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, Java, Python or Ruby
• Strong Unix, Windows and networking security skills
• Familiarity with general application and network security concepts
• Excellent teaming and communication skills
• Manual penetration testing experience above and beyond running automated tools
• Experience developing custom scripts or tools used for vulnerability scanning and identification
• Security Auditing tools
• Ethical hacking
• Intrusion prevention
• Active listening
• Trustworthy
• Critical thinking
• Persistence
• Self-control
• Report writing
• Presentation skills
• Scripting / Coding
• Sys Admin
• Networking
• Mobile / Signal
• Attention to detail
• In depth networking knowledge (MPLS, BGP, OSPF, IPv6, TOR)
• Understanding of development frameworks
• Broad understanding of hosting /cloud environment
• Time management
• Consistency
• VOIP
• Device management / Tacacs / Radius
• Circumventing security controls
• Judgement and decision making
• Broad understanding of SIEM & Defensive Technologies.
• Initiative
• Programming methodologies
• Quality management principles
• Project management principles
• Negotiation skills
• ERP and CRM systems
• Innovation
• Advance Cloud Architecture
COMPETENCIES REQUIRED:
• Urgent desire to learn with a passion for technology
• Action oriented
• Motivated by being at the forefront of technology, and pushing technology boundaries
• Capacity to concentrate for long periods of time
• Motivated by the thrill of being able to “break” systems
• Conviction and courage – when you believe in something, you’ll follow through despite opposition
• Willingness to work late when required
• Willingness to travel when required, possibly abroad
• Analytical and critical thinker
• Excellent interpersonal, presentation and communication skills
• Good written English skills
• People and project management skills
• Problem-solving skills
• Self-motivation
• Efficient
• Detail-oriented
• The ability to prioritize
• Team player
• Customer service focus
• Industry knowledge and network
• Resilience
• Time Management
• Evil bit (?GCP) (hacker way of looking at complex problems and solving them creatively)
EXPERIENCE:
5 years’ experience in information security
BENEFITS:
• Being part of a relaxed inspired team where your work is valued and appreciation for your work is visibly demonstrated
• Opportunities to learn abound and innovation is encouraged
• Learn from the best in the industry§
• Flexible working hours
• Research and personal development time
• Opportunities to travel aboard
Recruiter: Squire Solutions Recruitment Pty Ltd