Security Testing Consultant Consultant

Role Overview: As a Penetration Tester, you'll be part of an elite team of security experts dedicated to identifying and mitigating security vulnerabilities in web applications, infrastructure, cloud, API, wireless, and mobile applications. You will act as a trusted advisor, conducting comprehensive security assessments of clients' most critical assets. In addition to security testing, you will support the team to ensure on-time, on-budget delivery of assigned tasks, quality of deliverables, and overall customer satisfaction. This role requires mid-level expertise in multiple domains of security testing, with a versatile yet methodical approach.

What We Offer:

• Competitive salary.
• Opportunities for professional growth and development.
• Collaborative, dynamic, and positively charged work environment.
• Remote work options.
• Access to cutting-edge security tools and technologies.
• Recognition and rewards for outstanding performance.

Responsibilities:

• Perform regular penetration tests on web applications, infrastructure, cloud, API, wireless, and mobile applications.
• Contribute to Red Team and social engineering testing.
• Write detailed reports and present test findings to clients.
• Consult clients on required remedial actions.
• Assist with the development of junior team members.
• Support collateral marketing materials through research, white papers, and articles.
• Stay updated with the latest security trends, technologies, and threats.
• Contribute to the evolution of in-house penetration testing methodologies and processes.

Mandatory Technical Skills:

• Ability to perform black box, grey box, and white box tests with an attacker's mindset.
• Expertise in using tools like Kali, Burp Suite, Nmap, Nessus, Qualys, Metasploit, and others.
• Strong knowledge of the OWASP Testing Methodology.
• Solid understanding of security protocols such as SSL/TLS, SSH, and HTTP.
• Knowledge of cloud security platforms like AWS, Azure, and Google Cloud.
• Understanding of networking protocols and the OSI Model.

Mandatory Soft Skills and Qualities:

• Team player with effective communication skills.
• Goal-oriented with the ability to work independently and collaboratively.
• Capability to manage multiple projects, prioritise tasks, and stay organised.
• Strong analytical and problem-solving skills.
• High work ethic, attention to detail, and excellent documentation skills.
• Ability to translate technical details into language understandable by C-level executives.

Complementary Technical Skills:

• Hands-on experience with programming languages, databases, and IoT.
• Knowledge of containerisation technologies such as Docker.
• Experience with Attack & Threat Modelling.
• Familiarity with Red Team testing and social engineering attack methodologies.
• Working knowledge of CobaltStrike.
• Experience with bug bounty programs and vulnerability disclosure policies.

Education, Training, and Experience:

• Bachelor's degree in Cyber security/Computer Science is preferred.
• A minimum of 3-5 years of hands-on testing experience.
• Ideally, hold two or more of the following professional qualifications:
  • CREST CRT
  • OSCP
  • OSCE
  • CCT or equivalent
  • Red Team Test Leader