Penetration Tester

Date: 14-Jul-2022

Location: Stellenbosch, Western Cape, ZA

Company: Capitec Bank Ltd

Purpose Statement

  • To ensure that the business is prepared and skilled to mitigate any cyber security threat through:
    • Assessing and testing the applications and processes of the Bank.
    • Identifying potential areas of weaknesses from a security perspective.
    • Playing a key role in developing world class cyber security capabilities within the Bank by means of knowledge transfer, education, training and research.

Experience

MINIMUM:

  • 3 – 5 years’ experience in cyber security testing
  • Risk identification and communication relating to cyber security

IDEAL:

  • 5+ years in cyber security testing
  • 2 – 3 years financial services / banking experience 
  • Experience with the Agile and DevOps models

Qualifications (Minimum)

  • Grade 12 National Certificate / Vocational
  • Certification in Information Technology

Qualifications (Ideal or Preferred)

  • A relevant tertiary qualification in Information Technology or Information Technology - IT Engineering

Knowledge

MINIMUM:

  • Manual and automated security testing of infrastructure, networks, and web applications\services
  • Technical vulnerability assessments (CVE and CVS database knowledge)
  • Best practice technical reviews; using company and industry standards
  • Common network protocols, system architecture, and operating systems
  • Logical access reviews and audit
  • Knowledge of TTPs/MITRE ATT&CK framework, threat-attack landscape
  • Strong communication and reporting skills, articulate risk to business
  • Solution and white-boarding of systems to be assessed
  • Ability to read\understand at least 1 scripting language (e.g. Python, Bash, PowerShell, C\PHP\Java code)
  • Experience in testing web services, web\mobile applications, and cloud applications
  • Proficiency with pen-testing tools (security distros and intercepting proxy tools)
  • Understanding of and familiarity with vulnerabilities included in methodologies such as OWASP Top 10 (Web, Mobile, API) and OSSINT
  • Understanding of system architectures and platforms (e.g. Windows, Unix, Linux and RedHat)
  • Understanding of tiered web application\service\cloud architectures and related databases (MySQL, MSSQL and Oracle)
  • Understanding of networking protocols and architectures, WAFs, web and reverse-proxies, DLP, e-mail proxy, DAM, firewalls and perimeter security technologies
  • End User Infrastructure Service technologies (e.g. Print Management Solutions)

IDEAL:

  • Cyber Security Threat modelling and Attack-Path mapping
  • Conducting and participating in Red-Team\Purple teaming exercises
  • Familiarity with industry regulatory requirements, specific to information security
  • Proficiency in scripting with at least 1 scripting language (e.g. Python, Bash, PowerShell)
  • Reverse engineering of malware\exploits

Skills

  • Communications Skills
  • Computer Literacy (MS Word, MS Excel, MS Outlook)
  • Attention to Detail
  • Analytical Skills
  • Problem solving skills

Competencies

  • Adhering to Principles and Values
  • Presenting and Communicating Information
  • Writing and Reporting
  • Applying Expertise and Technology
  • Analysing
  • Learning and Researching
  • Delivering Results and Meeting Customer Expectations

Conditions of Employment

  • Clear criminal and credit record

Capitec is committed to diversity and, where feasible, all appointments will support the achievement of our employment equity goals.