Onsite Colombo Full Time
In this role, the candidate should conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective, and response controls across the global technology landscape. The candidate should use their expertise to help influence technology decisions and work as part of a team to create consistent approaches to offensive security processes and techniques.
The Job
• Conduct highly complex offensive security operations testing consistent with known adversary tactics, techniques (APT or Cyber Kill Chain), and procedures and contribute to the development of objectives and approaches taken to remediate risk
• Document security issues and impacts identified through offensive operations clearly and concisely to facilitate reporting to impacted stakeholders.
• Deliver the annual penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests
• Consult with application developers, system administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation
• Consult with defensive operations teams on adversary tactics to guide and mature cyberdefensive countermeasures
• Independently handle complex issues with minimal supervision while escalating only the most challenging issues to appropriate staff
• Perform penetration tests on Web applications, Network Devices, and mobile applications and API testing
• Research, evaluate, document, and discuss findings with IT teams and management.
• Identify areas where improvement is needed in security education and awareness for users
• Stay updated on the latest malware and security threats.
• Understand and safely use various open source penetration testing tools and when appropriate, emulating hacker tactics, techniques, and procedures
• Automate penetration and other security testing on networks, systems, and applications.
• Produce actionable, threat-based, reports on security testing results.
• Communicate security issues to a wide variety of internal and external "customers" to include technical teams, executives, risk groups, vendors, and regulators.
The Person
• Should possess a Degree in IT/Information security/Telecommunication from a recognized university/institute
• Information security-related certifications -LPT,CPENT,CEH Master, OSCP,OSEP, eJPT,ePPT,eWPT
• Minimum 3 years experience in pentest related area.
o Network penetration testing and manipulation of network infrastructure
o Web, Mobile Application Penetration Testing
o Shell scripting or automation of simple tasks using Perl, Python, or Ruby
o Developing, extending, or modifying exploits, shellcode or exploit tools
o Reverse engineering malware, data obfuscators, or ciphers
• Source code review for control flow and security flaws
If you are the person we are looking for please send us your CV to sewmi@imcs.lk (Mention the position in the subject line.) Any issues ? Please contact. 0112966 660 / 0776666765