Responsibilities
Create annual plans
Plan the penetration test: scope and type (internal, external, authenticated)
Select, design and make use of freeware, commercial tools and exploits for testing
Perform the penetration test on computer systems, networks, web-based and mobile applications
Document your methodologies
Gather intelligence not only from the output of the automated penetration tools but also from information gathered in earlier stages, to identify vulnerabilities that the tools may not see
Review your findings and feedback with internal teams
Analyze the outcomes and make tangible recommendations for security improvements
Assist with vulnerability scanning, automation and patch management
Key responsibilities
Carry out application, network, systems and infrastructure penetration tests
Evaluate and select from a range of penetration testing tools
Keep up to date with the latest testing and ethical hacking methods
Deploy the testing methodology and collect data
Report on findings to a range of stakeholders
Make suggestions for security improvements
Enhance existing methodology material
Track actions in a formal and structured way to enable KPI reporting and measurements
Core skills
Good understanding of network protocols
Solid technical skills in both information security architecture and penetration testing
Ability to assess testing tools and deploy the right ones
Project planning skills
A solid understanding of ethical hacking
Scripting and programming experience are essential
Ability to explain findings to non-technical professionals
Excellent report writing and presentation skills in English
Customer facing skills and a proven track-record of building client relationships
Able to work independently but also as part of a team
Flexibility to change direction and manage conflicting demands and emergencies
Outstanding organisational and data analytics skills
Comfortable working in a fast-paced environment
Working in a structured and methodical way
Relevant experience
At least 2 years of penetration testing experience of systems, web-based applications, infrastructure, mobile and networks.
Solid knowledge and experience of using a variety of penetration testing or threat modelling tools including open source and commercial
Experience of threat reporting and assessing vulnerabilities based on industry standards
Identifying threats using threat risk modeling and creating solutions or mitigation approaches
Proven ability to understand and meet client needs, build relationships and develop a positive dialogue
Adept at explaining technical jargon to non-technical parties
Scripting skills and reverse engineering experience are desirable
Past experience of using problem solving techniques and developing solutions to meet vulnerability threats