VAPT Consultant

Role Summary

We are looking for experienced consultants to join our S&P team at Protiviti. The role will primarily involve executing and managing diverse client engagements. While the role is based in KSA(Riyadh) resources may travel across various client locations in the Middle East, etc.

The successful applicant will be responsible for assessing the security posture of client systems, platforms, and processes to protect and continually improve the confidentiality, integrity, and availability of information systems in accordance with the client's business objectives, regulatory requirements, and strategic goals.

Responsibilities

1. Provide innovation within the context of the Vulnerability and Penetration Testing (VAPT) program in relation to both process and technology.
2. Serve as a Subject Matter Expert (SME) for the Attack & Pen function.
3. Perform authorized attack surface reviews, penetration tests, and red team assessments against specific targets.
4. Provide assessment reports that are easily understandable by the target audience and include practical and reasonable recommendations based on sound risk management principles.
5. Update standards and procedures designed to continually improve security posture
6. Assess the sufficiency of policies, standards, and procedures relative to security best practices
7. Contribute to the security-related information repositories and other business development endeavors.
8. Mentor junior members of the team and provide constructive consultation to other peer groups.

Background Requirements

1. Computer Science Bachelor’s Degree or substantial equivalent.
2. 1 to 4 years of professional experience in information security with a focus on technical assessments.
3. Commanding knowledge of pen testing concepts and best practices.
4. Extensive experience with common Pentesting tools such as Nessus, Appscan, Burp Suite, Nipper, Exploit Pack etc.
5. Proficiency with other common attack tools and frameworks such as Wireshark, Kali, and Metasploit, etc.
6. Ability to validate the presence of identified vulnerabilities with accuracy.

1

1. Mastery of common application platforms and technologies to effectively understand and evaluate complex application assessments via the use of manual techniques and simple tools such as proxies and browser plugins.
2. In-depth understanding of OWASP, CVE general security controls, and other foundational topics such as the latest application and operating system exploits.
3. Knowledge of common scripting and programming languages like python, shell script etc.
4. GIAC GPEN, GWAPT, CREST or OSCE preferred.

Personal Skills

1. Ability to maintain critical thinking and composure under pressure.
2. Strong written and oral communication skills in English. Ability to convey complex concepts to business audience.
3. Ability to be productive and maintain focus with minimal supervision.
4. Understands VAPT in the context of risk management and organizational priorities.