This posting has expired. Applications are no longer being received, and this job does not show up on the main job list.
Reference #: R_1445927
Position Type: Regular, Full-time
Remote work options: No
Location: London, Ontario
Date Posted: Sep 22, 2023
Job Description
Responsibilities:
Conduct Penetration Tests: Perform thorough and methodical penetration testing on web applications, mobile, AI, network infrastructures, and other systems to identify security vulnerabilities.
Vulnerability Assessment: Assess and analyze security weaknesses, and provide actionable recommendations to mitigate risks and improve overall security posture.
Report Findings: Document and communicate findings clearly and effectively to both technical and non-technical stakeholders. Prepare comprehensive reports with recommendations for remediation.
Develop and Execute Test Plans: Design and execute detailed test plans.
Stay Current: Keep up-to-date with the latest security trends, vulnerabilities, and tools to ensure testing methodologies are current and effective.
Collaborate with Teams: Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements.
Perform Risk Assessments: Evaluate and assess potential security risks related to new and existing systems and technologies.
Compliance: Ensure that penetration testing practices comply with relevant regulations, standards, and organizational policies.
Requirements:
Technical Skills:
Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nmap, and Kali.
Knowledge of common web application vulnerabilities (e.g., OWASP Top Ten) and network security principles.
Analytical Skills: Strong analytical and problem-solving abilities with attention to detail.
Communication: Excellent verbal and written communication skills, with the ability to convey complex technical concepts to non-technical stakeholders.
Ethical Standards: Demonstrated understanding of ethical hacking principles and a commitment to maintaining high ethical standards.
Preferred Qualifications:
- Experience with penetration testing in AI, cloud environments (e.g., AWS, Azure) and PCI testing.
- Familiarity with security standards and frameworks
- Certifications: Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are highly desirable.
- Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities
- Participate in computer security incident responses relevant to business (or enterprise-wide) and represent respective function and Enterprise position to the business, and business needs to incident response team
SHAREHOLDER
- Adhere to internal policies / procedures, technology control standards, and applicable regulatory guidelines
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement
- Adhere to and advise on / oversee / monitor / enforce enterprise frameworks and methodologies that relate to technology controls / information security activities
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise
- Remain informed of emerging issues, industry trends and/or relevant changes
- Define / develop / implement / manage standards, policies, procedures, and solutions that mitigate risk and maximize security, availability of service, efficiency and effectiveness
- Actively manage relationships with other areas of Technology / businesses / corporate and/or control functions and ensure alignment with enterprise and/or regulatory requirements
- Keep abreast of emerging issues, trends, and evolving regulatory requirements and assess potential impacts to the Bank
- Assess / identify key issues and escalate to appropriate levels and relevant stakeholders where required
- Maintain a culture of risk management and control, supported by effective processes and sound infrastructure in alignment with risk appetite
- Participate in business specific / cross-functional / enterprise initiatives as a subject matter expert helping to identify risk / provide guidance
- May develop / provide / contribute to complex reporting, analysis, and assessments at the functional or enterprise level
EMPLOYEE / TEAM
- Continuously enhance knowledge / expertise in own area
- Keep current on emerging trends / developments and grow knowledge of the business, analytical tools and techniques
- Prioritize and manage own workload to deliver quality results and meet assigned timelines
- Support a positive work environment that promotes service to the business, quality, innovation and teamwork and ensure timely communication of issues / points of interest
- Identify and recommend opportunities to enhance productivity, effectiveness and operational efficiency
- Establish effective relationships across multiple business and technology partners, program and project managers
- Participate in knowledge transfer within the team and business units
BREADTH & DEPTH
- Expert knowledge of IT security and risk disciplines and practices
- Advanced knowledge of organization, technology controls / security / risk issues
- May participate on complex, comprehensive or large projects and initiatives
- Acts as a lead expert resource in technology controls / information security for project teams, the business / organization and/or outside vendors
- Generally reports to Senior Manager or above
Application Contact Information
Company Name: TD Canada Trust
Company Website: https://td.wd3.myworkdayjobs.com/en-US/TD_Bank_Careers?locationCountry=a30a87ed25634629aa6c3958aa2b91ea&locations=dafbf576c2d2100094508355d6b70000&jobFamilyGroup=de769652963501f2001247b507040dac