Security Analyst

DUTIES:

Penetration Testing Duties:

• Work as part of a vulnerability assessment and /or penetration testing team, taking direction from line managers and executing directives in a thorough and timely fashion
• Conduct vulnerability assessments on a wide variety of technologies and implementations utilising both automated tools and manual techniques
• Conduct network penetration tests
• Conduct application penetration tests (web and thick client)
• Conduct wireless and mobile security assessments
• Conduct social engineering assessments
• Conduct physical security assessments
• Effectively communicate successes and obstacles with fellow team members and line managers
• Interface with client contact(s) and staff in a constructive and professional manner
• Develop subject matter expertise in topics to include network, database, wireless and application security assessments and adversarial network operations
• Utilise common vulnerability assessment and penetration testing tools

Red Teaming Duties:

• Working as part of a Red Team and assisting with the following duties (but not limited to):
• Initial reconnaissance – open-source intelligence (OSINT) for collecting information on the targets
• Initial compromise – gaining a foothold into the target environment through targeting weaknesses in people, process and / or technology.
• Deploy command-and-control servers (C&C or C2) and custom payloads to establish communication / persistence in the target’s network.
• Develop tools, techniques and procedures to evade detection by blue team (including the development of custom payloads)
• Escalate privileges and maintain persistence
• Exfiltrate and / or complete objectives

Research and Development Duties

• Research new vulnerabilities with a focus on high-profile products
• Understand the terminology and tactics employed by threat actors Research new attack methods

REQUIREMENTS:

• Minimum 2-5 years of Penetration Testing experience required Including conducting different types of assessments, such as network, mobile, web, thick, wireless, social engineering, physical, etc.

While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.

---