Permanent Placement & Consulting Services in Information Technology
817-329-6830 Tel • 817-329-6833 Fax • PO Box 93538 • Southlake, TX • 76092
[email protected] • www.prdfw.com
Security Management
Penetration Testing Manager, TX Job Ref: 20181013
Currently, client is seeking a motivated, career- and customer-oriented leader to join our team in Kuala Lumpur to establish an application penetration team. This role will be a Manager to lead and manage the application penetration team, build out a scalable model and framework and operate the process and delivery model for the Application penetration testing service. This is a growing team, with senior leadership's support and visibility. This role is involved in projects or issues of high complexity that require an individual who can quickly think on their feet, challenge the status quo, and rapidly move from ideation to delivery. This position will report to the Director, Head of Application Security.
Responsibilities:
• Lead a team responsible for conducting internal and external penetration testing and automated web application security testing.
• Evolve the delivery model for the Application penetration testing service, including roles and responsibilities, remediation plans, rollout of best practices, etc.
• Hire, manage, and develop staff of application penetration testers by providing direction, establishing clear and measurable objectives, managing performance, training and coaching.
• Develop and maintain KPIs to help project resource requirements and forecast sub-contractor usage.
• Ensure effective knowledge management of findings and review results of penetration testing in order to determine severity of findings and identify potential remediation or mitigation strategies.
• Monitors and reports progress, problems and solutions in a timely manner. Follows through to ensure dollars and time estimates are realized within planned limits.
• Effectively communicates to management and business sponsors the status of projects and issues as they relate to the testing process.
• Provides clear, consistent, regular communication with all project stakeholders at all levels, including presentations to senior management, creating agendas and meeting minutes.
• In-depth research of the latest adversarial tactics, techniques and procedures (TTPs) and technologies to remain at the bleeding edge.
• Create and support KPIs and KRIs that measure risk reduction and progress over time.
• Builds a high-performance team.
• Develops and mentors staff to achieve career goals and maintain leadership succession planning.
Requirements:
• Bachelor’s degree in related field (Business, Information Services, IT, Information Security, etc.); Master’s preferred.
• 10 years of hands-on Application Penetration testing experience with at least 4 years in managing and leading a team of penetration testers.
• A self-starter with strong organizational skills, including the ability to deliver with minimal supervision and experienced in working in an onsite-offshore model.
• Expert knowledge and hands-on experience of penetration tools such as Kali Linux, Burp Suite, Nessus, Metasploit etc.
• Expert knowledge of existing, emerging threats, web security principles and attack vectors.
• Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options.
• Extensive knowledge of information and technology security management technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal / external audit & regulatory requirements.
• Strong expertise with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
• Strong expertise in the collaboration, facilitation and coordination with the business units for the mitigation of risks.
• Strong understanding of Application Design, DevOps, TCP/IP fundamentals, network protocols, system administration and network architectures.
• Experience and exposure to large organizational implementations of vulnerability management programs, with specific emphasis on application security, metrics development and reporting.
• Experience with programming at least one of the following: Perl, Python, Ruby, Bash, C or C++, C#, or Java, including scripting and editing existing code.
• Knowledge of Web Frameworks such as Spring, Struts, Hibernate, ASP, JSP etc. and APIs (JSON/REST/SOAP).
• Understanding of APIs (JSON/REST/SOAP).
• An aptitude for technical writing, including assessment reports, presentations and operating procedures.
• Strong problem solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
• Ability to solve very complex security issues that span multiple components in an Application infrastructure.
• Ability to lead and motivate the team to achieve tactical and strategic goals.
• Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST is desired.
• Professional security management certification, such as a CISSP, CISM, CEH, OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials, is desired.
Submit your resume for this job by contacting us today!