Cyber Security Engineer (Penetration Testing)

Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant you will be a key advisor for IBM’s clients analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities
The role requires for a Cyber Security Engineer / Consultant who will be responsible for supporting various Cyber Security workstreams on – Penetration Testing Vulnerability Assessments Secure Code Reviews Cyber Exercises Awareness Programmes and Security Assessments.

Responsibilities:

• Perform web application penetration testing
• Perform manual source code review for web applications
• Preparing penetration testing and source code review reports and presenting them to management and project teams
• Perform red teaming activities
• Lead in coordination efforts with selected penetration testing vendors for the assigned workstreams
• Drive the scheduling of the workstream programme and remediation timelines
• Maintain troubleshoot patch and update various security tools and scanners used in the workstream
• Recommend the re-engineering and streaming of processes to improve workflows and efficiencies research and advise on tools to update/increase security testing as part of CI/CD pipeline
• Present management reporting and dashboarding to stakeholders with analysis of data and trends and recommend next steps
• Follow up on remediation actions security and risk assessments with respective stakeholders and applications teams
• Drive the conduct of cyber exercise design of scenarios situational injects and post-exercise reporting
• Drive the security awareness programme in disseminating advisory messages based on the prevailing threats lead in coordinating with service providers on phishing campaigns and awareness courseware analysing report statistics and innovating to promote Cyber Security awareness culture

Required Technical and Professional Expertise

• A Bachelor’s degree in Computer Science Information Technology Cyber Security or other related field or equivalent in experience
• Experienced in using tools such as Kali Linux Burpsuite Nessus etc.
• Knowledge of the principles and objectives of the various Cyber Security testing workstreams
• Technical knowledge of security vulnerabilities validation of remediations and risk assessments
• OSCP Certified
• CREST Certified (Preferred)
• Professional certifications such CISSP CEH etc. preferred.

Preferred Technical and Professional Expertise

• At least 5 years of relevant working experience
• Familiar in at least one of the following – Penetration Testing Vulnerability Assessments Secure Code Review DevSecOps cyber exercises awareness programmes
• Hands on experience in operating and maintaining enterprise security tools such as Tenable Nessus vulnerability scanner
• Familiarity with security testing on cloud environments is advantageous
• Familiarity with scripting for automating tasks using Perl Python etc. is advantageous