Penetration Tester Engineer

Roles and Responsibilities

The Security Engineer / Penetration Tester will provide penetration testing services for our new and existing client applications, networks and infrastructure. The Security Engineer has to identify security weaknesses within client business environments, report on issues, provide technical advice and make recommendations for ongoing maintenance. The Security Engineer will identify security risks and requirements for new projects and system developments to ensure that NIST RMF or other security standards are met. The Security Engineer will help develop strategies to increase the reliability of system outputs, analyze and assess security for clients, and enhance systems security and integrity.

• Simulate adversarial, threat-based approaches to expose and exploit vulnerabilities in order to protect Information Systems and Computer Networks.
• Maintain and suggest monitoring and analysis tools.
• Create a security architecture and work with developers to ensure this architecture is part of the development cycle.
• Develop tools and solutions that allow organizations to prevent and respond effectively to attacks.
• Document procedures, requirements, and protocols.
• Develop a set of security standards and practices.
• Recommend security enhancements.
• Install and use software such as firewalls and data encryption programs.
• Conduct scans of networks to find vulnerabilities.
• Conduct penetration testing.
• Monitor networks and systems for security breaches or intrusions.
• Develop automation scripts to handle and track incidents.
• Lead incident response activities.
• Help plan an organization’s information security strategy.
• Test and validate the effectiveness of customers’ IT security posture based on various security standards such as NIST SP 800-115.
• Participate in (Penetration and Social Engineering) client meetings required to document the requirements and produce a project Rules of Engagement (ROE).
• The ROE shall, at a minimum, include the System Under Test (SUT), pentest activities, project timelines, communication plan, scope, project purpose, and the intended outcome and benefits of testing relating to the requestor’s security requirements.
• Generate a Penetration Testing Technical Report (PTR) that will summarize the project within the Executive Summary and, at a minimum, identify the high security risks, threats, and failures found during the project; have a detailed findings section detailing every finding with an overview, evidence, root cause analysis and recommended mitigation plan of action addressing each security issue; and will be delivered to the client.

Qualifications

Required Education and Experience

• Bachelor's degree required: Computer Science, IT, Computer/Electrical Engineering.
• Proven experience developing, operating and maintaining security systems.
• Extensive knowledge of operating system and database security.
• Proficiency in networking technologies (security, monitoring and solutions).
• Knowledge of security systems including anti-virus applications, content filtering and firewalls.
• In-depth knowledge of security protocols and principles.
• Knowledge of Secure SDLC and security standards such as OWASP, CWE, NIST and OSSTMM 5.

Penetration Testing

• Proven experience in identifying and exploiting business logic and framework-related vulnerabilities, removing false positives, analyzing WebInspect dynamic scan reports, analyzing static scan tool output, and analyzing AppScan reports.
• Certified training in information security, e.g. CEH, CISSP, OSCP, COBIT or equivalent.
• Experience working with RMF and NIST 800-53.
• Experience with mobile application penetration tests on iOS and Android platforms.

Work Environment

Required Certification / Desired Certifications / Acceptable Certifications

• Certified Ethical Hacker
• CISSP
• CSSP Analyst
• Penetration Testing
Certeon Technology
Nairobi, KE