Cyber Security Specialist (Red Team) (CPT Hybrid)
IT – Software Development ~ IT – Support ~ IT – Infrastructure
Cape Town – Western Cape
THE technical expertise of an energetic, output-driven, and skilled Red Teamer is sought to fill the critical role of a Cyber Security Specialist whose core role will be to support the execution of the Cyber Security strategy and roadmap by a reputable Retail Group. Your primary focus will be on Red and Purple Teaming – helping to build and mature the ability to test, validate and mature controls. This includes responsibility for Penetration Testing and Application Security. This is a technical role requiring practical experience in penetration testing, red teaming, and SDLC security. The successful incumbent must have 4 years hands-on Penetration Testing & Red Teaming work experience, a demonstrated track record of applying technical knowledge to help improve security and be proficiency with Burp Suite, Checkmarx, Cobalt Strike, Metasploit, Android, iOS & Huawei.
- Hacking the planet – get your hands dirty and pull apart code, whether it is application, mobile, platform, container or on-premise or cloud infrastructure – and look for bugs.
- Coordinate application and infrastructure penetration testing with internal and external parties according to our internal methodology and where relevant, in line with compliance requirements (e.g., PCI).
- Support the building and maturing of the red and purple teaming capability area, leveraging technology and automation with the goal of continual control validation.
- Modelling Threats – enhance and optimise infrastructure, platform, application and mobile security by identifying threats, vulnerabilities and associated countermeasures.
- Draft funky but professional reports to detail the findings of the assessments, including appropriate recommendations to mitigate identified security issues.
- Help drive and validate remediation of findings.
- Maintain and enhance cool toolsets – manage the relevant tools required for mature product security that include Pen Testing, Secure Coding and Source Code Analysis. Investigate new approaches, technology and automation to challenge traditional thinking and raise the level of security.
- Secure the development of products– integrate security practices into the software development lifecycle, verify the security of internally and externally developed applications and services during and after development and deployment. Actively participate in the SDLC though guidance, education, input and facilitation.
- Consult with application development teams during projects and initiatives.
- Provide AppSec reporting for operational security dashboards.
- Provide AppSec guidance via documentation, standards, and collaboration.
Additional Responsibilities –
- Supporting the Blue Team to wield their shields – support the team in responding to security incidents when needed.
- Supporting the broader Cyber SecOpsTeam – collaborate with the broader SecOps Team, to drive and support various operational and strategic initiatives. Champion or co-champion internal security solutions and/or processes.
- Minimum of 4 years’ hands on experience in Penetration Testing and Red Teaming.
- Experience with tools such as Burp Suite, Checkmarx, Cobalt Strike and Metasploit.
- Knowledge of programming languages, Android, iOS and Huawei.
- Demonstrated track record of applying technical knowledge to help improve security.
- Ability to adapt and take on new tasks and challenges.
- Ability to script and automate processes.
- Relevant qualifications and Certifications such as OSCP, OSWE, SANS and CREST.
- Is aware of and responsive to internal and external events and influences on the technical landscape.
- Ability to research technology-related concepts, trends, and best practices, and apply findings.
- Appropriately derives and organises the essence of information to draw solid conclusions.
- Looks beyond symptoms to uncover root causes of problems to be solved.
- Synthesises data from different sources to identify trends.
- Presents problem analysis and a recommended solution rather than just identifying and describing the problem itself.
- Proactively approaches others to obtain missing information.
- Demonstrates a results-oriented mindset in planning and implementing activities/projects.
- Clearly defines objectives and translates them into workable activities.
- Monitors and tracks progress to ensure delivery of all planned commitments, and keeps the appropriate people informed.
- Prepares written reports and briefs and communicates ideas clearly.
- Speaks fluently in team meetings when presenting information.
- Manages existing partnerships within established agreements or contracts; negotiates adjustments when mutually beneficial to do so.
- Genuinely cultivates personal bonds with colleagues to enhance performance throughout the organisation.
- Adjusts to work effectively within new work structures, processes, requirements, or cultures.
- Demonstrates resourcefulness in acquiring necessary knowledge, skills, and competencies to adapt to change.