Loading...
 
Share this Job

Penetration Tester

Date: 25-Nov-2021

Location: Stellenbosch, Western Cape, ZA

Company: Capitec Bank Ltd

Purpose Statement

  • The incumbent will form part of the Cyber Offence team, whose goal is to ensure that the business is prepared and skilled to mitigate any cyber security threat.
  • The incumbent will play a major role in developing “world-class” cyber security capabilities within the Bank.
     

Experience

Min:

  • 5+ years’ experience in Information Security
  • 2+ years’ experience in Penetration testing


Ideal:

  • 2 - 3 years’ financial services / banking background

Qualifications (Minimum)

  • Grade 12 National Certificate / Vocational
  • Certification in Information Systems Auditing (CISA) or CISSP

Qualifications (Ideal or Preferred)

  • A relevant tertiary qualification in Science or Engineering - Other

Knowledge

General

  • Knowledge of basic system administration, network, and operating system (Windows and Linux) hardening techniques.
  • Knowledge of cryptography and cryptographic key management concepts.
  • Knowledge of host/network access control mechanisms (e.g., access control list).
  • Knowledge of common network protocols (e.g. TCP, UDP, DHCP, DNS).
  • Knowledge of information technology security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defence-in-depth).
  • Knowledge of the application and network firewall concepts and functions.


Cyber Security

  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of vulnerability assessment tools, including open source tools, and their capabilities.
  • Knowledge of infrastructure, network, and software penetration testing principles, tools, and techniques.
  • Knowledge of root cause analysis techniques.
  • Knowledge of cybersecurity principles that apply to infrastructure and network deployments and software development
  • Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
  • Knowledge of cyber attackers (e.g., script kiddies, insider threat, organised crime, and nation-states).
  • Knowledge of general attack stages (e.g. cyber kill-chain).
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.


Software Testing and development

  • Knowledge of the secure software development lifecycle.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, SQL injection).
  • Knowledge of web services, including service-oriented architecture (e.g. SOAP, REST) and web service description language (e.g. WSDL, Swagger)
  • Knowledge of secure software deployment methodologies, tools, and practices.
  • Knowledge of software development models (e.g., Waterfall, Agile).


Standards

  • Knowledge of Payment Card Industry (PCI) data security standards.
  • Knowledge of Personally Identifiable Information (PII) data security standards.
  • Knowledge of Information and Cybersecurity best practices (.e.g. ISF, CIS, OWASP)

Skills

  • Communications Skills

Competencies

  • Achieving Personal Work Goals and Objectives
  • Delivering Results and Meeting Customer Expectations
  • Working with People

Conditions of Employment

  • Clear criminal and credit record