
Foster and maintain relationships with key stakeholders and business partners.
Deliver the annual penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests.
Communicate security issues to a wide variety of internal and external “customers”, including technical teams, executives, risk groups, vendors and regulators.
Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation.
Mentor and coach other IT security staff to provide guidance and expertise in their growth.
Act as a source of direction, training, and guidance for less experienced staff.
Produce actionable, threat-based reports on security testing results.
Develop meaningful metrics that reflect the true posture of the environment, allowing the organization to make educated decisions based on risk.
Automate penetration and other security testing on networks, systems and applications.
Develop and maintain security testing plans.
Operate in a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices.
Understand how the flaws that you identify could affect a business, or business function, if they're not fixed.
Consider the impact your 'attack' will have on the business and its users.
Present your findings, risks and conclusions to management and other relevant parties.
Advise on methods to fix or lower security risks to systems.
Create reports and recommendations from your findings, including the security issues uncovered and level of risk.
Simulate security breaches to test a system's relative security.
Carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security. Plan and create penetration methods, scripts and tests. Work with clients to determine their requirements from the test, for example, the number and type of systems they would like tested. Understand complex computer systems and technical cyber security terms. Assist in scoping and executing prospective engagements. Develop scripts, tools, or methodologies to enhance MSI’s penetration testing processes. While between assessments, you will be expected to improve any existing processes, develop tools, and potentially find new clients and prospective hires. Estimated workload is 1-3 assessments per month, each a 1-2-week assessment including report writing. Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results. Understand and safely use various open source penetration testing tools and, when appropriate, emulate hacker tactics, techniques, and procedures. Perform other duties as assigned. Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff. Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures. Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing. Document security issues and impacts identified through offensive operations in a clear and concise manner to facilitate reporting to impacted stakeholders. Conduct highly complex security audit and offensive security operations testing consistent with known adversary tactics, techniques, and procedures, and contribute to the development of objectives and approaches taken to remediate risk.