Job Description
<strong>Purpose of the job</strong><p><br></p>Evaluate the security controls for Orange EG’s internal and external systems and identify new vulnerabilities and exploits that can jeopardize the integrity, confidentiality and availability of our information systems.<p><br></p><strong>Duties And Responsibilities</strong><p><br></p><ul><li>Perform initial penetration testing for newly acquired/developed systems.</li><li>Identify security issues and vulnerabilities that can jeopardize the confidentiality/integrity/availability of information systems.</li><li>Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessment, and social engineering assessments.</li><li>Develop scripts, tools and methodologies to enhance red teaming processes</li><li>Programming skills supporting tool development and customization (shell scripting, Perl, Python, Ruby, C, C++, C#, Java)</li><li>Recognize and safely utilize attackers’ tools, tactics and procedures.</li><li>Exhibit strong knowledge of tools used for wireless, web application, mobile application and infrastructure penetration testing.</li><li>Provide technical advice to system/business owners and/or developers on how to mitigate the identified issues.</li><li>Propose compensating controls to mitigate/reduce risks where resolving the root cause is not possible.</li><li>Provide guidance to application developers on secure coding best practices.</li><li>Ensure Orange EG’s information systems are properly hardened, including but not limited to operating systems, databases, web servers, and application servers.</li><li>Provide advice to system administrators on how to harden their systems.</li><li>Perform telecom-specific security testing to ensure the security of our access, core and packet core networks. 
Identify and resolve any discovered issues.</li><li>Perform periodic penetration testing against Orange EG’s critical systems to address any new security issues.</li><li>Run periodic vulnerability scans against Orange EG’s systems, and ensure the findings are addressed in a timely manner according to the asset’s criticality and the risk</li><li>Run on-demand scans for newly announced vulnerabilities and address those vulnerabilities with their owner</li><li>Provide executive and detailed technical reports on findings to be used as an input in the risk management process</li><li>Thorough understanding of different network protocols, application frameworks, and database platforms</li><li>Mastery of Unix/Linux/Mac/Windows operating systems including bash and PowerShell</li><li>Perform assessments against internal and external security standards including but not limited to PCI-DSS, SOX, ISO-27001, and Orange Global Security Policy</li><li>Map business objectives and strategies to identify testing objectives and establish a business-oriented risk level.</li><li>Determine needed tools and budget to enhance security testing process.</li><li>Supervise and guide pen testing team activities</li><li>Ability to define and scope penetration testing requirements</li><li>Ability to document and communicate vulnerabilities and associated security risks with the stakeholders<br></li></ul><p><br></p><strong>Job specification</strong><p><br></p>Education<p><br></p><ul><li>University degree in Telecommunication, Information Technology or Computer Science.</li><li>Fluent reading and writing in the English language.</li><li>Certifications such as GPEN, GCIH, OSCP, OSCE, GWAPT, GAWN and/or GMOB are a must<br></li></ul><p><br></p><strong>Experience</strong><p><br></p><ul><li>4-7 years’ experience in at least three of the following:</li><li>Network penetration testing</li><li>Mobile and/or web application assessment</li><li>Social engineering assessment</li><li>Shell scripting and 
automation of simple tasks using Perl, Python, Ruby and/or PowerShell</li><li>Developing, extending or modifying exploits, shellcodes, or exploit tools<br></li></ul><p><br></p>Source code review for control flow and security flaws<p><br></p><ul><li>Familiarity with the telecom industry and its security posture<br></li></ul><p><br></p><strong>Skills And Abilities</strong><p><br></p><ul><li>Executive presence, highly effective communicator, well-established influencing and negotiating skills</li><li>Strong analytical skills; able to quickly digest any issue encountered and recommend an appropriate solution</li><li>Strong client service orientation</li><li>Self-motivated without the need for significant management oversight</li><li>Dynamic team player</li><li>Ability to deal with ambiguity and make expert judgement in situations where no precedent exists</li><li>Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level presentations</li><li>Strong understanding of the role’s impact on the entire company.</li><li>Ability to maintain a steady work pace with a high level of accuracy.</li><li>Must possess a strong sense of ethics and integrity with respect to identified critical security findings (Revenue/Image Impacting)<br></li></ul>