Information Security Consultant
Responsible for the identification, measurement, control and minimisation of loss associated with infiltration testing (hacking) and other uncertain risks throughout the ICT environment. Investigates, detects and prevents fraud within the company. Reports on fraud investigations to the Forensic Audit Manager. Reviews all information collected and evaluates evidence against prevailing legal norms and standards. May give factual evidence in a disciplinary process or in criminal or civil court proceedings. Provides advice and consultancy with respect to risk management practices and concerns in order to improve the online channel’s security posture and reduce risks.
- Degree or Diploma and/or required Certification with 3 to 5 years related experience.
- Minimum 3 – 5 years' penetration testing experience
- Python coding
- .NET coding skills
- Experience working with the Kali toolset and other open-source and COTS hacking tools
- Grade 12
- Completed a pen testing course like HBN, CEH, OSCP or SANS 504, SANS 560, SANS 561 (or equivalent experience)
- The incumbent will be required to certify his/her skills by completing certification exams over time (CEH, GPEN, OSCP, etc.)
- Perform formal penetration tests on web-based applications, networks and computer systems
- Conduct physical security assessments of servers, systems and network devices
- Design and create new penetration tools and tests
- Probe for vulnerabilities in web applications, fat / thin client applications and standard applications
- Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
- Employ social engineering to uncover security holes (like poor user security practices or password policies)
- Incorporate business considerations (like loss of earnings due to downtime, cost of engagement) into security strategies
- Research, document and discuss security findings with management and IT teams
- Review and define requirements for information security solutions
- Work on improvements for security services, including the continuous enhancement of existing methodology material, monitoring capabilities and preventative controls.
- Provide feedback and verification as an organization fixes security issues
- Although the focus is on offensive security, this role will work closely with the defensive security disciplines (Blue Team) and assist in the development of systems to automate and improve response times of this team as well.
Knowledge and Skills:
- Incident Investigations
- Document Auditing
- Risk management
- Reporting and administration
- Quality, compliance and accreditation