Penetration Testing Specialist

Company Overview:

Advanced technology and cybersecurity company (sirar) established by stc, the region’s ICT and digital services provider, sirar by stc is a cutting-edge cybersecurity provider that empowers organization to take control of their cyber capabilities and digital environments.

As experts in business security and privacy.

We offer a comprehensive range of solutions that help you to operate online safely, securely, and efficiently. The tools we provide help organizations detect and prevent cybersecurity attacks, safeguard their digital future, and provide protection and security from that point forward.

Key Responsibilities:

• Identifies methods that attackers could use to exploit system and network vulnerabilities.
• Mimics malicious social engineering techniques that an attacker would use to attempt a system breach to uncover security gaps and vulnerabilities.
• Gathers information about network topography and usage through technical analysis and open-source research and document findings.
• Uses security testing and code scanning tools to conduct code reviews.
• Recommends security controls to mitigate risks identified through testing and review.
• Conducts required reviews, including reviews of defensive measures, according to the organization’s policies.
• Conducts authorized penetration testing of infrastructure and assets.
• Performs technical and nontechnical risk and vulnerability assessments of organizational technology environments.
• Maintains a deployable cyber defense audit toolkit based on industry best practice to support cyber defense audits.
• Tests for vulnerabilities in web applications, client applications and standard applications.
• Conducts physical security assessments of servers, systems, and network devices.
• Reports penetration testing and vulnerability assessment findings including risk level, proposed mitigation, and details necessary to reproduce the test results.
• Explains business impact of vulnerabilities identified through testing to make case for addressing them.
• Presents test findings, risks, and conclusions to technical and non-technical audiences.
• Designs simulated attacks to reflect impact in the organization's business and its users.
• Supports in collaborating with cybersecurity vendors to drive innovation in Penetration Testing services development and manage overall Penetration Testing service lifecycle.
• Supports in leading the implementation of go-to-market and roadmap for Penetration Testing services solutions & tools.
• Supports in developing Penetration Testing Services’ lifecycle end-to-end, including Ideation, feasibility analysis, planning, sourcing, business case, toolkits and operating models design, commercialization, launch, performance management, and retirement, in collaboration with other Advisory sections.
• Contributes to the overall success of the company by performing all other duties and responsibilities as assigned by line manager.

Qualification:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related discipline.

Professional Certificate:

• Offensive Security (OSCP, OSWP, OSWE, OSEP, etc)
• GIAC (GXPN, GCPN, GAWN, GPYC, etc)
• Pen tester Academy (Red Team Expert)

Years of Experience:

• 3 – 5 years in relevant experience

Skills:

• Advance proficiency in conducting vulnerability scans and determine vulnerabilities from the results.
• Intermediate proficiency in conducting penetration testing in line with the organization's policies and best practice.
• Advance proficiency in developing insights about an organization’s threat environment.
• Advance proficiency in analyzing vulnerability and configuration data to identify cybersecurity issues
• Advance proficiency in mimicking threat behaviors.
• Intermediate proficiency in implementing adversary Tactics, Techniques and Procedures.
• Basic proficiency in service development.
• Basic proficiency in user experience knowledge.
• Basic proficiency in recognizing industry trends & KPIs