• Login Name       Password       Remember me       LOGIN LOGIN    FORGOT PASSWORD
  • REGISTER

 LOGIN WITH
 
 
 
 
 EMPLOYERS
 
 
 
 
 
 NEWSLETTER
 
 
 
 
 FOLLOW US

Technical Specialist Penetration Testing

Job Ref
265977
Job Type
Permanent
Employer Type
Company
Date Added 15 Nov 2016
Expiry Date 13 Dec 2016
* There have been 48 applications to this job.
* This job has been viewed 6763 times.
Employer:
Standard Bank

Location:
Gauteng

Salary:
Market related

Benefits:


Role details:
Business Unit: Group IT / Technology Risk and IT Security

Job purpose:

As Tier 3 Technical Specialist, Penetration Testing at Standard Bank, you will assess security risks related to our business information technology systems.
Specialists will be required to work with both business and technology audiences within our environments. This role is also a mentorship role and you will be expected to train and assist the Head of Department to train and up skill the junior staff and technical staff in different business units.
- - - - - - - - - - - - - -
Key responsibilities:

- Deliver security assessment services including network scanning, vulnerability testing, penetration testing, search engine reconnaissance, and help with incident response.
- Assess information security risks associated with both new and existing web, thin-client, and full-client applications in addition to risks in networks and systems.
- Communicate findings, risk levels, and fix recommendations verbally, in writing and through presentations to Executive Management and their delegated representatives.
- Review new and emerging exploits and vulnerabilities, and understand how to defend against them.
- Review both commercial and open-source tools to enhance Standard Banks security testing labs.
- Cross-train fellow security team members (architects, analysts, and engineers) on the latest tools and techniques.
- Ensure that threat and vulnerability evaluations are performed on a repetitive basis in compliance with Group Policy.
- Provide mitigation options to the relevant Head of Technology Risk & IT Security / Business leaders, to reduce risk to an acceptable level, based on the value of the resource to the organization.
- Provide requisite support in the event of any crisis to the relevant stakeholders.
- Identify, assess and prioritize risks based on clear definitions established with the relevant Head of Technology Risk & IT Security
- Ensure accountability is assigned for all identified risks, and measure remediation by line of business.
- Coordinate shared service offerings from Penetration Testing services to GTSS Technology Risk & IT Security customer base.
- Contribute to development / maintenance of Penetration Testing Service Catalogue
- Ensure that declared service levels are being met and provide ongoing support, performance review and mentoring where appropriate.
- Ensure adherence of penetration testing per the Information Security Policies / Guidelines /Penetration Testing Policy and Code of Ethics.
- Provide recommendations to business and other stakeholders on control measures to minimize and mitigate risk via the bank environment.
- Provide risk assessment trends as it relates to penetration testing to assist with the security awareness programmes within the bank.
- Mentor, educate and coach team members.
- Cross train certified ethical hackers to better understand the banks’ business lines.
- Ensure that staff follows relevant Bank and compliance policies.
- Provide training to relevant parties on vulnerabilities, their cause and potential fixes (developers, architects, analysts)
- Establish project teams per penetration test and ensure that resources are managed effectively.
- Understand and act on those factors that affect the successful delivery of projects
- Ensure adherence to IT governance, regulatory and organisational compliance on projects and initiatives
- Proactively protect and project a positive image of the GTSS department as well as the bank in all business dealings
- Build and maintain good quality relationships with internal and external services suppliers, customers and colleagues.
- Proactively protect and project a positive image of the GTSS department as well as the bank in all business dealings.
- Provide penetration testing information to enhance policies, process controls and associated systems.

Qualifications / knowledge:

- Degree or Diploma in Business, IT or a related subject strongly preferred.
- Appropriate professional accreditation in Ethical Hacking (CEH) / Audit (CISA) / IT Security/Risk Assessment/ Offensive Security/ Crest strongly preferred.

Business/ Commercial Knowledge:

- Strong knowledge of test methodologies and SDLC lifecycle.
- Knowledge of test tools/ hardware used in the organization and the penetration testing/hacking community.
- Intermediate Project Management.
- Intermediate people management.
- Good report writing.
- Good script writing/ coding/programming
- Process management
1. Including knowledge of standard business processes including work prioritization, best practices.
- Knowledge of domestic and international banking industry.
1. Including knowledge of Standard Bank’s business, products, key clients, business strategy and strategic issues.
2. Including knowledge of regulatory requirements of home markets (e.g., SARB, UK, Argentina)



 
HOME|
INFO|