
Principal Penetration Tester

  • By Paulina Motowidlo
  • 27 April 2022

You will join one of the largest banks in the world.

ABOUT THE PROJECT

This role is responsible for providing subject matter expertise in penetration testing to support the wider Cyber Security organisation and its efforts. The successful candidate will operate as part of a global/regional team within the Cybersecurity organisation, providing expertise, oversight and assurance around security processes, controls, standards and regulatory requirements.

Required:

  • Lead, perform and own the design and delivery of penetration tests across a variety of technologies
  • Work within virtual teams of security and technical specialists to ensure quality delivery of world class security solutions to the business
  • Lead penetration tests designed to highlight and clearly articulate risk to the business, in terms the business can understand
  • Drive and lead penetration tests and resulting deliverables, to aid in ensuring that the Bank operates within defined risk appetite
  • Represent Cybersecurity function as technical SME in internal and external discussions
  • Help drive the maturity of Cybersecurity function by continuously improving quality of our services and removing inefficiencies, in line with wider Cybersecurity strategy
  • Ensure adherence to the three lines of defence organisational model, with clear lines of responsibility, accountability and segregation of duties
  • Ensure compliance with internal audit and external regulators, to ensure that any organisational changes are fit for purpose and meet their expectations
  • Collaborate with relevant stakeholders to enhance the delivery of a Cybersecurity strategy that secures the bank’s technology, protecting and enhancing the company’s values, reputation and stakeholder value
  • Provide supervision and guidance to, and mentor, less experienced members of the team

A successful candidate will ensure the security of the company’s custom applications and related implementations by identifying potential vulnerabilities and appropriate controls, guiding risk mitigation, and liaising directly with engineering and management teams, business owners, and global technical workgroups.


YOUR RESPONSIBILITIES:

  • Perform highly technical/analytical security assessments of custom mobile applications, infrastructure and networks in the broad sense, web services and APIs. This covers manual penetration testing, source code review and configuration review
  • Clearly and professionally document root cause and risk analysis of all findings
  • Adhere to the security testing process and raise any gaps or opportunities for improvement with the manager
  • Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks
  • Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks
  • Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required
  • Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports
  • Advise on vulnerability remediation, control implementation and secure development practices
  • Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications
  • Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities
  • Assist in planning, test execution and vulnerability mitigation
  • Ensure that company security policies are implemented, enforced, and enhanced when appropriate
  • Participate in team discussions to formulate new or enhance existing processes and standards
  • Assist in security incident response activities
  • Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices; report control weaknesses, compliance breaches and operational loss events
  • Run evaluations of new security testing technologies and provide recommendations
  • Monitor security industry information sources and keep abreast of events, research, and developments
  • Identify opportunities to improve our processes, quality of the work and efficiencies


SKILLS & EXPERIENCE THEY REQUIRE:

  • Strong written and verbal communication skills in English, which is used for all formal communication
  • Critical thinking: the ability to identify issues and clearly articulate them and their consequences
  • Ability to comfortably hold a conversation on cyber security with both technical and non-technical audiences
  • Maintain a wide breadth of penetration testing and/or leadership management skills to a significant degree of depth
  • Understand the business context/significance of technical penetration testing findings
  • Consistently output superior quality of deliverables
  • Possesses an entrepreneurial attitude and excels in loosely defined scenarios
  • Ability to work independently or lead any size team of penetration testers
  • Superior time management skills and self-discipline
  • Subject matter expert in at least 2 penetration testing domains (e.g. infrastructure, applications, mobile)
  • Demonstrated ability to solve complex technical problems

The ideal candidate for this position will have:

At least 5 years of prior demonstrable hands-on experience in penetration testing.

  • Solid understanding of the platform security models for iOS and Android platforms
  • Excellent understanding of platform-specific security risks, common vulnerabilities for mobile applications, common risks in financial applications
  • Practical knowledge of penetration testing of infrastructure, web and mobile technologies in the broad sense, using manual and automated testing methods
  • Excellent TCP/IP knowledge and understanding of security implications/issues
  • Strong web application testing experience
  • Proven programming/scripting skills
  • Ability to explain security functionality from first principles
  • Ability to adapt and apply information to new scenarios and technologies
  • Strong understanding of applied use of cryptography in application development
  • Minimum 12 years of experience in IT

NICE TO HAVE:

  • Strong grasp of the technologies, protocols and architectures commonly used by mobile applications (HTML, XML, JavaScript, JSON, REST, micro-services etc.)
  • Strong understanding of software development lifecycles especially DevOps
  • Experience with dynamic and static application security testing and associated tools
  • Experience with performing security code reviews for Java, Objective C, Swift and Kotlin programming languages
  • Strong initiative, consensus-building and ability to collaborate directly with a variety of clients (business, development, compliance, etc.)
  • Experience with mobile security testing frameworks such as OWASP MASVS, OWASP MSTG.
  • Knowledge of enterprise application design & common security issues associated with it
  • Advanced knowledge of common security analysis tools and testing techniques especially for the mobile security space
  • Hands-on experience with SAST, DAST, IAST tools and ways to supplement their limitations.
  • Knowledge of security verification of mechanisms and technologies such as SSL/TLS, certificate pinning, biometric authentication, out-of-band authentication, JWT, SAML, RASP, OAuth2 etc.
  • Prior software programming and development experience, especially for the iOS and Android platforms
  • Prior programming experience with the Java, Kotlin, Objective-C and Swift programming languages
  • Prior experience with security testing or secure application development for a large enterprise
  • Prior experience with cloud-hosted applications and services
  • Experience in reverse engineering or disassembly


WHAT THEY OFFER:

  • Contact with top IT technologies available in the market
  • Employees’ benefits: Multisport Card, private medical and dental health care, life insurance
  • Free parking space for our employees, a few minutes from the office
  • Internal training events and workshops
  • Realistic career progression opportunities in an international organization
  • Casual dress code
  • Cultural exchange


Note: Prepare your CV in English (PDF), fill in the form, and apply! 🙂
Please include in your CV the following clause necessary for the recruitment process:

“I agree to the processing of personal data that I have made available voluntarily in the recruitment process by the Administrator of personal data, i.e. Dotcommunity Spółka z ograniczoną odpowiedzialnością [Ltd.] based in Cracow, 15 Żabiniec Street, 31-215 Cracow, registered in Poland, the Cracow’s District Court – Śródmieście, XI Commercial Division of the National Court Register under number 0000468484, VAT number: 9452174499, (“Dotcommunity”) in order to carry out the recruitment process for the Principal Penetration Tester position on the basis of Art.6 item 1a of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”

Dotcommunity is registered in the Register of Employment Agencies (KRAZ) under number 9904.