Assess real-life risks by identifying security weaknesses, actively exploit their findings, and determine additional impact through post exploitation in accordance with KCB Group’s business objectives, regulatory requirements, and strategic goals. Perform one or more of the following roles as a penetration tester: external network security testing, internal network security testing, wireless security testing, web application security testing, mobile application security testing, social engineering, non-destructive physical security testing and access control reviews.
Key Responsibilities: –
- Conduct regular penetration tests and vulnerability assessments on networks, web applications, and other critical infrastructure.
- Develop, implement, and manage penetration testing schedules to identify, classify, report, and prioritize remediation of security vulnerabilities across the Group resulting in timely and effective security assessments.
- Use a variety of tools and techniques to simulate attacks on systems and uncover vulnerabilities.
- Develop and deliver reports on the status and effectiveness of the security testing program to internal leadership and all relevant stakeholders.
- Perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, risks, and recommendations.
- Provide technical VAPT related support to projects in a bid to ensure compliance to technical security policies and standards. Execute penetration testing projects using the established methodology, tools, and rules of engagements.
- Develop, research, and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and encryption.
- Cross-Functional Collaboration with other teams and departments to enable effective defence-in-depth controls through Red Team, Purple Team and Blue Team exercises.
- Emulate advanced threat actors by planning, executing, and analysing complex attack scenarios. Help develop and refine tactics, techniques, and procedures (TTPs) used by adversaries.
The Person
For the above position, the successful applicant should have the following:
- Bachelor’s degree in Information Technology / Computer Science / Cybersecurity / Engineering (Electrical, Electronic) or related field.
- At least one cybersecurity certification in the list: Cybersecurity certification in either CISA/ CISM/ CISSP/ Security+/Cybersecurity certification in either CEH/CPT/CRT/GPEN/OSCP/ OSWA/OSWE/ LPT/ PenTest+/ ECSA/ CHFI/ or a relevant equivalent certification/ Certified Red Team Expert (CRTE)/Certified Red Team Operator (CRTO)/ Bug Bounty Researcher (ICBBR)/ Certified Information Systems Security Tester (CISST)/PECB ISO/IEC 27001 Lead Auditor.
- Any professional certifications will be added advantage: Penetration Testing / Cybersecurity Assurance Certification /Cisco Cyberops Associate & Professional or any relevant equivalent certification
- Any masters’ degree will be added advantage.
- 5 years’ technology experience with at least 3 years in cybersecurity.
- 3 years’ experience in Penetration Testing and Ethical hacking.
- 2 years’ experience in Offensive Security and Red Teaming.
- 2 years’ experience in System/ Network/ Database/ Containerization and Cloud Platform Administration.
- 2 years’ experience with penetration testing frameworks and tools, such as Kali Linux, The Penetration Testers Framework, Metasploit, Canvas, Cobalt Strike, Burp Suite Pro, Nexpose, Nessus, Wireshark, Nmap
- 2 years’ experience in code review.
The above position is a demanding role for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.
To be considered your application must be received by Friday 20th September 2024.
Qualified candidates with a disability are encouraged to apply.
Only short-listed candidates will be contacted.