Information Security Analyst - Sandton at Discovery Limited

Key Purpose

• Perform penetration tests using various techniques that mimic real-world attacks to exploit vulnerabilities on web and mobile applications within the Discovery Group.

Areas of responsibility may include but not limited

• Work with relevant stakeholders to determine penetration testing requirements and
• Plan and create penetration methods, scripts and tests
• Carry out penetration testing to expose weaknesses in security
• Simulate security breaches to test a system's relative security
• Create reports and recommendations from findings, including the security issues uncovered and level of risk
• Advise on methods to fix or lower security risks to systems
• Present findings, risks and conclusions to relevant stakeholders
• Consider the impact the 'attack' will have on the business and its users
• Understand how the flaws identified could affect a business, or business function, if they're not fixed.
• Remain abreast with the latest attack methodologies and tactics

Personal Attributes and Skills

• Ability to work in a team environment, outgoing and inter-personal skills
• Ability to work according to project deadlines, under pressure and cope with a highly stressful environment.
• Must be passionate about information security and be current with trending security related topics 
• Has solid technical skills to operate independently and support others within a high performing security team. 
• Ability to operate in high demand and pressure environment 
• Logical reasoning 

Qualifications & Experience

• Relevant degree in Computer Science / Computer Engineering advantageous 
• Relevant Security certifications (CEH, GPEN, OSCP, CREST,etc) 
• 3-5 years experience in penetration testing including web, mobile and cloud applications 
• 2 years experience in Red team engagements and threat analysis 
• Mastery of Linux/Mac/Windows operating systems including Bash, PowerShell and Python. 
• Network/Wireless Penetration Testing 
• Ability to understand and modify code in a diverse range of programming languages and frameworks 
• Proficiency in cryptographic protocols and cipher suites 
• Thorough understanding of network protocols, data on the wire, and covert channels 
• Source code reviews. 
• Familiarity with penetration testing methodology and standards