Lead Penetration Tester

About The Position

Requirements

• Penetration testing: Level 5 (SFIA) - Plans and drives penetration testing within a defined area of business activity.
• Delivers objective insights into the existence of vulnerabilities, the effectiveness of defences and mitigating controls.
• Takes responsibility for the integrity of testing activities and coordinates the execution of these activities.
• Provides authoritative advice and guidance on all aspects of penetration testing.
• Identifies needs and implements new approaches for penetration testing.
• Contributes to security testing standards.
• Penetration Testing and conducting Simulated Attack Exercises: Level 5 (CIISEC) - Uses commercial and bespoke tools to conduct complex penetration testing without close supervision and/or leads teams undertaking complex penetration tests.
• Undertakes penetration exploits as part of a simulated attack exercise under direction.
• Appropriate and relevant certifications include CHECK Team Leader, CREST Certified Tester (Infrastructure or Web Applications) or equivalents.

Nice To Haves

• CompTIA Security +
• CompTIA PenTest +
• Certified Ethical Hacker
• CREST Registered Penetration Tester
• Offensive Security Certified (OSCE3)
• GIAC Penetration Tester

Responsibilities

• Oversee the execution of test cases using in-depth technical analysis of risks and typical vulnerabilities.
• Lead cyber penetration testing and vulnerability assessments using relevant tools and methods against a variety of technologies.
• Conduct and lead complex threat simulation activities to identify weaknesses and/or opportunities in technical security controls.
• Oversee the catalogue of test findings and potential measures.
• Oversee and approve security testing plans.
• Provide highly technical subject matter expertise to system owners and stakeholders to improve system security posture.
• Conduct highly complex analysis and research to identify improvements to cyber threat tools, techniques and procedures.
• Manage and coordinate a variety of risk analysis and assessments on cyber security matters.
• Perform web application and mobile penetration testing against complex enterprise platforms using a variety of technologies.
• Conduct infrastructure penetration testing against enterprise grade systems.
• Collaborate with system owners to develop test scope and preparation for testing ensuring remediation has been completed effectively.
• Review reports, briefs and documentation and communicate technical findings and recommendations
• Transfer highly technical skills and knowledge to other staff through continuous coaching and on-the-job training to support succession planning.
• Lead and support the operations of a team, including setting priorities and managing performance, resources and workflows.
• Exercise delegations in line with legislation and guidelines.

Benefits

• A hybrid WFH arrangement, usually a minimum of 3 days/week onsite, will be considered from the location of their capital city.
• $90 - $110 per hour (inc. super)