Description
Offensive Security Expert (with focus on PENTESTING)- Banking Client - Brussels
Duration: 1 year Freelance Contract
Rate: Circa 700 per day
*Remote working to the end of the year in 2022, you will be required to be onsite only 1 day per week*
Division
As a global critical financial infrastructure, the protection of my clients information and assets is fundamental to the company's business. Security is at the core of our services, firmly Embedded in the management systems and processes of the company.
You will be joining our CISO division in charge of testing the controls that were put in place to adequately and effectively protect our information assets.
You will join the Offensive Security Center who manage and coordinate:
- Penetration testing
- Red team Exercises
- Purple team Exercises
- Static Code Analysis
- Vulnerability Management
The main responsibilities:
- Plan & coordinate security tests with internal stakeholders
- Plan & coordinate security tests with external providers
- Review & analyse security test reports and produce digests/synopsis
- Present & discuss/challenge the results to all relevant stakeholders (technical and non-technical)
- Advise (senior) stakeholders, such as project leads, developers, and analysts on how to remediate and prevent any detected issues
- Contribute to the execution of the security strategy roadmap
In this role you will come in contact with the full spectrum of the attack chain. Ranging from web applications to binary exploitation and infrastructure. Good understanding of the (security) policies will be required to give the final rating that will be presented to stakeholders
In summary, the ideal candidate needs to understand the penetration testing process and practices, be able to review pentest reports and guide team members.
Qualifications
Technical skills
- Sound security design principles, based on confidentiality, integrity and availability requirements and other ISO27002 security principles are an asset;
- Good understanding of Application security including OWASP TOP 10, and willingness to learn with regard to a broad range of attacks (SQLi, XSS, Overflows, DLL-Hijacking,...)
- Basic understanding of network principles and protocols
- Basic understanding of Unix and Windows Operating Systems and security practices.
Soft skills
- Be an ethical team player who communicates in an open, respectful and constructive way with her/his customers and peers, both verbally and in writing. You will take ownership and ensure that organizational quality standards are met.
- Be a very good communicator in English, both verbal and written, and able to discuss and defend the security interests with individuals and groups of senior business people as well as deep technical IT experts.
- Be able to work independently, responsibly and professionally with highly confidential information and be punctual with an eye for detail.
- Able to be physically present in the headquarters in Belgium for minimum 1 day a week if requested.
Please do send an up to date copy of your CV to (see below)