Offensive Service Lead (Senior Pentester)

About the job
General Description (Job Summary)

Senior Pentester will work towards planning, delivering, and managing engagements to assess, improve, build, and in some cases operate integrated security operations for our clients. He will lead a team of Pentesters and work on Di8it Security Project Portfolio.
This role also requires an advanced understanding of information security, risk management, IT controls and related standards.

Job Purpose

The purpose of this job is to identify potential threats and vulnerabilities to operational environments. Projects may include penetration testing, red teaming, vulnerability assessment, breach and attack simulations, social engineering, and other offensive security related projects. It also includes simulating physical breaches to gaps in implemented cyber security functions. Deployment of resource may be at Di8it Clients premises for temporary or permanent basis.

Key Duties and Responsibilities

Security Services Technical Team Lead Role

Provide Cyber security technical testing services and carry out application, network, systems and infrastructure penetration test and vulnerability assessment through in-depth technical analysis and exploitation of vulnerabilities.
Perform manual and automated penetration tests on computer systems, networks, web and mobile applications and attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc. and possible abnormal activities, such as worms, Trojans, viruses, etc.
Implementation of Network Monitoring and continuous monitoring of business-critical applications and network appliances.
Carry out analysis of security events and report problems.
Develop subject matter expertise or focused capabilities in the topics of design and development security.
Demonstration of the proofs-of-concept of the identified security gaps to clients.
Document and Report on security findings and testing results to a range of stakeholders.
Review Project final deliverables and reports ensuring quality and accuracy.
Manual review of the code from a security standpoint and specifically the business logic functions.
Reviewing and perform Security assessment of Web applications/API security and WebView based Mobile Application which have cross platform support for both Android and iOS.
Perform Initial reconnaissance - open-source intelligence (OSINT) for collecting information on the target.
Working on a Jailbreak/Root device with the ability to test on a hardened device.
Perform manual and tool-based Code Review on Web Application Source Code.
Validating the mobile application controls as per the OWASP MASVS L1/L2/L3 Controls.
Analyzing the mobile app components and its internals such as IPC, code signing, sandboxing, Android activities/services/content providers and broadcast receivers.
Client Servicing and Technical Project Lead Role

Managing a team of Pentesters for multiple projects simultaneously.
Effectively communicate status updates, findings and strategy to client and project stakeholders including technical staff, executive leadership, and legal counsel.
Support Project Managers in providing customers a high level of care and technical quality.
Team mentorship and Trainer role

Assist his team in identifying the problem at the root of several technical issues.
Provide mentorship for Pentesters as requested.
Research and development

Evaluate and select from a range of Offensive security especially penetration testing tools.
Design and develop scripts, frameworks, tools, and the methods required for facilitating and executing complex attacks and emulating adversarial tactics, techniques & procedures.
Keeping an Eye on New Emerging Security Risks and Threats.
Attend technical trainings and maintain certifications accordingly to keep update with technologies.
Review Training internal resources.
Additional responsibility as assigned by the competent authority and prescribed in organizational policy.

Experience

A minimum of 8+ years cyber security work experience of delivering cyber security services.
A minimum of 5+ years of supervisory professional work experience of pentesting projects.
A minimum of 3+ years of experience in managing team.
Must Have experience with the following:
Web and mobile application testing
Red Teaming
Active Directory attack techniques
Code review, and
Reverse engineering
Prior working experience of Cyber Kill Chain and MITRE ATT&CK frameworks.
1-3 years of experience in one of the following: Network operations or engineering or system administration on Unix, Linux, Windows preferred.

Knowledge Requirements

In depth knowledge of cyber security, IT security best practices, common attack types, and detection/prevention methods.
Understanding of cyber security standards, TCP/IP network protocols, their common port assignments, and various Active Directory attack techniques.
Detailed understanding of security technologies (Antivirus, Forensics, Anti-malware, HIPS) and type of events that both Firewalls, IDS/IPS, and other security-related devices produce.
An understanding of web-based application vulnerabilities (OWASP Top 10).
Familiarity to perform network, iOS and Android penetration testing and popular attacks vectors.
Familiarity with software attacks and exploitation techniques.
Familiarity with at least one software programming language and framework is a plus.
Updated and familiarized with emerging technologies, latest exploits and security trends.
Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc).
Having detailed knowledge of Application Security tools, technologies, and best practices.
Understanding of common cloud technologies and devOps processes in AWS, GCP, Azure, Docker, Kubernetes, Terraform, etc.

Education

Master’s degree in Information Security, Computer Engineering, Computer Technology Information Systems preferred.
Bachelor’s degree in Computer Engineering, Computer Technology, or similar discipline preferred.

Certifications

Any of the following certifications (Must Have)
OSCP
OSWP
eCPPT
eWPT
eWPTX
eMAPT
eNDP
PNPT
CEH

Personality Traits (If any)

Ability to maintain confidentiality and carry out assignments that are sensitive in nature.
Ability to interact effectively with executive level clients.
Strong leadership skills with a proven ability to manage teams and provide mentorship.
Willingness to work at or visit client premises (if required) to give presentations & meet with potential customers.

Behavioral Competencies and Skills

Ability to interact with clients, utilizing consulting and negotiating skills.
Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and move swiftly from concepts and theory to action Team-oriented skills.
Maintain a high degree of awareness of the current threat landscape.
Resolve problems independently and understand escalation procedure.