Information Security Analyst – Sandton

Gauteng, Full Time Deadline: Not specified

Key Purpose

Perform penetration tests using various techniques that mimic real-world attacks to exploit vulnerabilities on web and mobile applications within the Discovery Group.

Areas of responsibility may include but are not limited to

Work with relevant stakeholders to determine penetration testing requirements and
Plan and create penetration methods, scripts and tests
Carry out penetration testing to expose weaknesses in security
Simulate security breaches to test a system’s relative security
Create reports and recommendations from findings, including the security issues uncovered and level of risk
Advise on methods to fix or lower security risks to systems
Present findings, risks and conclusions to relevant stakeholders
Consider the impact the ‘attack’ will have on the business and its users
Understand how the flaws identified could affect a business, or business function, if they’re not fixed.
Remain abreast of the latest attack methodologies and tactics

Personal Attributes and Skills

Ability to work in a team environment, outgoing, with interpersonal skills
Ability to work according to project deadlines, under pressure and cope with a highly stressful environment.
Must be passionate about information security and be current with trending security-related topics
Has solid technical skills to operate independently and support others within a high-performing security team.
Ability to operate in a high-demand, high-pressure environment
Logical reasoning

Qualifications & Experience

Relevant degree in Computer Science / Computer Engineering advantageous
Relevant security certifications (CEH, GPEN, OSCP, CREST, etc.)
3-5 years' experience in penetration testing including web, mobile and cloud applications
2 years' experience in Red team engagements and threat analysis
Mastery of Linux/Mac/Windows operating systems including Bash, PowerShell and Python.
Network/Wireless Penetration Testing
Ability to understand and modify code in a diverse range of programming languages and frameworks
Proficiency in cryptographic protocols and cipher suites
Thorough understanding of network protocols, data on the wire, and covert channels
Source code reviews.
Familiarity with penetration testing methodology and standards