Description
Role:
In this role you will come in contact with the full spectrum of the attack chain. Ranging from web applications to binary exploitation and infrastructure. Good understanding of the (security) policies will be required to give the final rating that will be presented to stakeholders
Your main responsibilities:
- Plan & coordinate security tests with internal stakeholders
- Plan & coordinate security tests with external providers
- Review & analyse security test reports and produce digests/synopsis
- Present & discuss/challenge the results to all relevant stakeholders (technical and non-technical)
- Advise (senior) stakeholders, such as project leads, developers, and analysts on how to remediate and prevent any detected issues
- Contribute to the execution of the security strategy roadmap
In summary, you must understand the penetration testing process and practices, be able to review pentest reports and guide team members.
Your Technical skills
- Sound security design principles, based on confidentiality, integrity and availability requirements and other ISO27002 security principles are an asset;
- Good understanding of Application security including OWASP TOP 10, and willingness to learn with regard to a broad range of attacks (SQLi, XSS, Overflows, DLL-Hijacking,...)
- Basic understanding of network principles and protocols
- Basic understanding of Unix and Windows Operating Systems and security practices.