Jobpost-Invia - IT SaaS Solutions for Telcos - Invia
Job Category: Penetration Tester
Job Type: Full-Time
Job Location: Noida
Job Description
The applicant shall work with our development team to support and guide the creation of an Attack Surface Management tool and associated scripts.
The applicant is expected to have extensive & intensive experience in penetration testing activities to ensure protection of the products from potential threats.
The applicant shall adhere to the recognised standards & frameworks to ensure Invia's product security & systems are resilient to existing and emerging cyber security threats.
The applicant shall define and execute penetration testing activities for both Invia's in-house products as well as external client products under the scope of Invia's security purview.
Key Responsibilities
Contribute to the development of a platform that will collect risk data, provide analysis and reporting, and enable remediation. This is a significant initiative, providing you with the opportunity to make a huge impact.
Acting as our key contact point for all penetration testing needs across Invia while providing a frictionless experience on all engagements.
Owning and managing the annual penetration testing schedule for all applicable systems in scope and ensuring these are conducted as planned and all systems meet their annual testing requirements.
Supporting and mentoring other team members within the Cyber Security capability and broader Technology teams on penetration testing and vulnerability management.
Contributing to the development of technical hardening guidelines and engineering and assurance documentation for education and awareness, and providing subject matter expertise on all forms of penetration testing and the applicable use cases for each.
Clearly communicating security issues and risks from testing findings to both technical and non-technical stakeholders.
Engaging with business stakeholders and maintaining awareness of new systems and platforms and their ramifications on the organization's cyber security and risk posture.
Key challenges
Working with a global organisation across multiple time zones
Keeping current with emerging vulnerabilities, risks, and threats, in addition to understanding their appropriate countermeasures.
Key knowledge and experience
Certified Offensive Security Certified Professional (OSCP)
CEH Certified
Strong customer-centric approach as well as excellent interpersonal skills & problem-solving skills.
Extensive experience in pen testing Web applications, mobile applications (Android and iOS), API, Wireless, Network, Hardware & IoT.
Extensive experience with various tools and frameworks like Kali Linux, Metasploit, Burp Suite, Nmap, Nessus, etc.
Experience with Social Engineering Engagements including phishing, phone, and physical security controls.
Extensive experience with Adversary Simulation (Red Teaming).
Experience with Windows server infrastructure and IIS web servers
Experience with Ubuntu and Apache web servers
Competent adherence to the following standards and frameworks
Open Web Application Security Project (OWASP)
OWASP Mobile Security
OWASP Application Security Verification Standard (ASVS)