Capitec Bank | Penetration Tester 2020

Location: Stellenbosch, Western Cape, ZA

Company: Capitec Bank Ltd

Purpose Statement
  • The incumbent will form part of the Cyber Offence team, whose goal is to ensure that the business is prepared and skilled to mitigate any cybersecurity threat.
  • The incumbent will play a major role in developing “world-class” cybersecurity capabilities within the Bank.
Experience

Min:

  • 3+ years of experience in security testing

Ideal:

  • 2 – 3 years’ financial services/banking background
  • 5+ years of experience in security testing
Qualifications (Minimum)
  • Grade 12 National Certificate / Vocational
  • Certification in Information Systems Auditing (CISA) or CISSP
Knowledge

Min:

  • Manual and automated security testing of infrastructure, networks, and web applications\services
  • Technical vulnerability assessments (CVE and CVS database knowledge)
  • Best practice technical reviews; using the company and industry standards
  • Common network protocols, system architecture, and operating systems
  • Logical access reviews and audit
  • Common cyber-attack techniques
  • Working within technically adept teams
  • Strong communication and reporting skills, and the ability to articulate risk to the business
  • Solution and white-boarding of systems to be assessed
  • Ability to read\understand at least 1 scripting language (e.g. Python, Bash, PowerShell, C\PHP\Java code)
  • Experience in testing web services, web\mobile applications, and cloud applications
  • Proficiency with pen-testing tools (security distros and intercepting proxy tools)
  • Understanding of and familiarity with vulnerabilities included in methodologies such as OWASP Top 10 (Web, Mobile, API) and OSSINT
  • Understanding of system architectures and platforms (e.g. Windows, Unix, Linux, and RedHat)
  • Understanding of tiered web application\service\cloud architectures and related databases (MySQL, MSSQL, and Oracle)
  • Understanding of networking protocols and architectures, WAFs, web and reverse proxies, DLP, e-mail proxy, DAM, firewalls, and perimeter security technologies

Ideal:

  • Building an internal security testing team
  • Cyber Security Threat modeling and Attack-Path mapping
  • Conducting and participating in Red-Team\Purple teaming exercises
  • Experience with the Agile and DevOps models
  • Banking\financial systems knowledge
  • Familiarity with industry regulatory requirements, specific to information security
  • Proficiency in scripting with at least 1 scripting language (e.g. Python, Bash, PowerShell)
  • Red-Team training within a Microsoft AD networked environment
  • C2 staging and implementation environments
  • Research and development leading to automation and development of tools to aid in streamlining testing
  • Reverse engineering of malware\exploits
Skills
  • Communications Skills
Competencies
  • Achieving Personal Work Goals and Objectives
  • Delivering Results and Meeting Customer Expectations
  • Working with People
Additional Information
  • A valid driver’s license and own vehicle are preferred
  • Clear criminal and credit record
  • Contactable via own mobile phone
  • Required to be available after hours in case of emergency
  • Willingness to work or be available overtime and/or on weekends if required
