Penetration Testing Manager

Company Overview:

Advanced technology and cybersecurity company (sirar) established by stc, the regions ICT and digital services provider, sirar by stc is a cutting-edge cybersecurity provider that empowers organizations to take control of their cyber capabilities and digital environments.

As experts in business security and privacy, we offer a comprehensive range of solutions that help you to operate online safely, securely, and efficiently. The tools we provide help organizations detect and prevent cybersecurity attacks, safeguard their digital future, and provide protection and security from that point forward.

Key Responsibilities:

1. Reports penetration testing and vulnerability assessment findings including risk level, proposed mitigation, and details necessary to reproduce the test results.
2. Identifies methods that attackers could use to exploit system and network vulnerabilities.
3. Mimics malicious social engineering techniques that an attacker would use to attempt a system breach to uncover security gaps and vulnerabilities.
4. Recommends security controls to mitigate risks identified through testing and review.
5. Leads in conducting required reviews, including reviews of defensive measures, according to the organization's policies.
6. Leads in conducting authorized penetration testing of infrastructure and assets.
7. Performs technical and nontechnical risk and vulnerability assessments of organizational technology environments.
8. Develops a deployable cyber defense audit toolkit based on industry best practice to support cyber defense audits.
9. Tests for vulnerabilities in web applications, client applications, and standard applications.
10. Leads in conducting complex physical security assessments of servers, systems, and network devices.
11. Explains business impact of vulnerabilities identified through testing to make a case for addressing them.
12. Designs complex simulated attacks to reflect impact in the organization's business and its users.
13. Supports in driving innovation in Penetration Testing services with cybersecurity vendors.
14. Supports in the implementation of go-to-market and roadmap for Penetration Testing services solutions & tools.
15. Supports in developing Penetration Testing Services lifecycle end-to-end, including ideation, feasibility analysis, planning, sourcing, business case, toolkits and operating models design, commercialization, launch, performance management, and retirement, in collaboration with other Advisory sections.
16. Supports in toolkits design, active participation, knowledge transfer, and consultation for Sales, Presales, and Marketing within sirar and selling partners to sell and market services.
17. Contributes to the overall success of the company by performing all other duties and responsibilities as assigned by line manager.

Qualifications:

1. Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related discipline.
2. Master's degree in Cybersecurity, Computer Science/Information Technology or related discipline is preferred.

Professional Certifications Preferred:

1. Professional Certificate such as the below is preferred:
2. Offensive Security (OSCE, OSED, OSEE, OSWE, etc)
3. GIAC (GXPN, GDAT, GAWN, etc)
4. ISACA (CRISC, CISM, etc)
5. ISC2 (CISSP, CCSP, etc)

Years of Experience:

1. A minimum of 8 years in relevant experience.

Skills:

1. Advanced proficiency in conducting vulnerability scans and determining vulnerabilities from the results.
2. Advanced proficiency in conducting penetration testing in line with the organization's policies and best practices.
3. Advanced proficiency in developing insights about an organization's threat environment.
4. Advanced proficiency in analyzing vulnerability and configuration data to identify cybersecurity issues.
5. Advanced proficiency in mimicking threat behaviors.
6. Advanced proficiency in implementing adversary Tactics, Techniques, and Procedures.
7. Intermediate proficiency in service development.
8. Intermediate proficiency in user experience knowledge.
9. Intermediate proficiency in recognizing industry trends & KPIs.