Penetration Testing Senior Specialist

Company Overview:

Advanced technology and cybersecurity company (sirar) established by stc, the regions ICT and digital services provider, sirar by stc is a cutting-edge cybersecurity provider that empowers organizations to take control of their cyber capabilities and digital environments. As experts in business security and privacy, we offer a comprehensive range of solutions that help you to operate online safely, securely, and efficiently. The tools we provide help organizations detect and prevent cybersecurity attacks, safeguard their digital future, and provide protection and security from that point forward.

Key Responsibilities:

1. Participates in reporting penetration testing and vulnerability assessment findings including risk level, proposed mitigation and details necessary to reproduce the test results.
2. Identifies methods that attackers could use to exploit system and network vulnerabilities.
3. Mimics malicious social engineering techniques that an attacker would use to attempt a system breach to uncover security gaps and vulnerabilities.
4. Gathers information about network topography and usage through technical analysis and open-source research and documents findings.
5. Uses security testing and code scanning tools to conduct code reviews.
6. Conducts authorized penetration testing of infrastructure and assets.
7. Performs technical and non-technical risk and vulnerability assessments of organizational technology environments.
8. Tests for vulnerabilities in web applications, client applications, and standard applications.
9. Conducts physical security assessments of servers, systems and network devices.
10. Participates in explaining the business impact of vulnerabilities identified through testing to make a case for addressing them.
11. Presents test findings, risks, and conclusions to technical and non-technical audiences.
12. Participates in designing complex simulated attacks to reflect impact in the organization's business and its users.
13. Contributes to the overall success of the company by performing all other duties and responsibilities as assigned by line manager.

Qualifications:

1. Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related discipline.
2. Master's degree in Cybersecurity, Computer Science/Information Technology or related discipline is preferred.

Professional Certifications Preferred:

1. Relevant certification in technology Security (CISSP, CAP, SSCP, (ISC)2, CCFP, CISM etc.) is preferred. ISO 27001 Lead Implementor, Lead Auditor.

Years of Experience:

1. 3-5 years of relevant experience.

Skills:

1. Intermediate proficiency in data collection and analysis.
2. Intermediate proficiency in reporting skills and recommending actions to be taken.
3. Intermediate proficiency in reviewing and editing cybersecurity-related plans.
4. Intermediate proficiency in identifying gaps and limitations in cyber threat intelligence provision.
5. Intermediate proficiency in developing, deploying, and integrating policies that meet organizational system cybersecurity objectives.