Key Accountabilities: * Leading penetration tests and associated information security project work for clients, both remote and on-site. * Performing application assessments against a wide range or web application technologies. * Presenting whitepapers, advisories and tools. * Developing key relationships with clients, enabling cross-selling of Security capabilities as appropriate. * Performs a major role in developing the team strategy.
Successful outcomes of this role: * Highly developed skills and knowledge base of the penetration testing domain. Confident to lead testing of infrastructures, applications, wireless components, products and perform social engineering, guiding team members as necessary. * Highly regarded externally as a penetration tester and team leader.
Challenges: * Direct reports to be client facing and highlights criticality of technical issues with regard to the client's business. * Ability to exercise discretion in dealing with sensitive information. * Contribution to the team's market presence and the bringing in of further work.
Essential Knowledge, Skills and Experience Required: * Strong technical background in leading penetration testing and has a passion for network security related subjects. * Expert understanding of tools used for penetration testing. Ability to design and build complex tools and scripts. Ability to produce exploits. * In-depth knowledge and understanding of operating systems, networks and services. * Actively researches announcements about new hacking techniques and vulnerabilities. * Expert understanding of host-based security, both theoretical and practical. * Excellent knowledge of IP networking, network hardware, networking tools, common TCP and UDP protocols and services. * Ability to quickly understand client network diagrams and application architectures. * Excellent understanding of HTTP, HTTPS, SSL, authentication mechanisms and session management. * Strong understanding of scripting languages and programming techniques, program architecture and programming languages. * In depth understanding of running tools to identify vulnerabilities, exploiting vulnerabilities and how systems may be hardened to reduce the impact of exploited vulnerabilities.
Essential Personal Qualities and Behavioural Requirements: * Willing to travel and conduct information security and penetration testing work, including out of normal office hours, as and when required by our clients. * Client facing: able to confidently and professionally represent the company, building constructive and positive working relationships with clients at all levels. Seeks feedback from clients and aims to exceed expectations. Displays ethical behaviour in all situations consistent with established standards. * Ability to clearly and confidently present and explain technical issues verbally and in written communications. * Is proactive in identifying research tasks for other team members and delegates tasks as necessary. * Develops others, giving constructive feedback and advice and raising competencies. Readily shares knowledge, experiences and resources with others. Used as a sounding board for ideas. * Well organized and effectively manages own time and that of others to achieve required outcomes. Prioritizes and actions tasks based on priorities. * Takes ownership of decisions and ensures implementation. Is able to make sound decisions in times of uncertainty. Accepts responsibility for decisions on technical problems.