Penetration Tester

Apply By:

We're on the lookout for energetic, self-motivated individuals who share our passion for service in the banking industry. To be part of the journey, follow the steps below:

1. 1. To see what life at Capitec is all about and complete a short assessment, please click here!
2. 2.  Once you have completed the above finalize your application by clicking apply below.

Purpose Statement

• To ensure that the business is prepared and skilled to mitigate any cyber security threat through
• Assessing and testing the applications and processes of the Bank.
• Identifying potential areas of weaknesses from a security perspective.
• Playing a key role in developing world class cyber security capabilities within the Bank by means of knowledge transfer, education, training and research.
• Assessing and testing the applications and processes of the Bank.
• Identifying potential areas of weaknesses from a security perspective.
• Playing a key role in developing world class cyber security capabilities within the Bank by means of knowledge transfer, education, training and research.

Experience

Minimum:

• 3 – 5 years’ experience in cyber security testing
• Risk identification and communication relating to cyber security

Ideal:

• 5+ years in cyber security testing
• 2 – 3 years financial services / banking experience 
• Experience with the Agile and DevOps models

Qualifications (Minimum)

• Grade 12 National Certificate / Vocational
• Certification in Information Technology

Qualifications (Ideal Or Preferred)

• A relevant tertiary qualification in Information Technology or Information Technology - IT Engineering

Knowledge

Minimum:

• Manual and automated security testing of infrastructure, networks, and web applications\services
• Technical vulnerability assessments (CVE and CVS database knowledge)
• Best practice technical reviews; using company and industry standards
• Common network protocols, system architecture, and operating systems
• Logical access reviews and audit
• Knowledge of TTP's/MITRE Attack Framework, threat-attack landscape
• Strong communication and reporting skills, articulate risk to business
• Solution and white-boarding of systems to be assessed
• Ability to read\understand at least 1 scripting language (e.g. Python, Bash, PowerShell, C\PHP\Java code)
• Experience in testing web services, web\mobile applications, and cloud applications
• Proficiency with pen-testing tools (Security distro’s and intercepting proxy tools)
• Understanding and familiarity of vulnerabilities included in methodologies such as OWASP Top 10 (Web, Mobile, API) and OSSINT 
• Understanding of system architectures and platforms (e.g. Windows, Unix, Linux and RedHat)
• Understanding of tiered web application\service\cloud architectures and related databases (MySQL, MSSQL and Oracle)
• Understanding of networking protocols and architectures, WAF’s, web and reverse-proxies, DLP, e-mail proxy, DAM, firewalls and perimeter security technologiesEnd User Infrastructure Service technologies (e.g. Print Management Solutions)

Ideal:

• Cyber Security Threat modelling and Attack-Path mapping
• Conducting and participating in Red-Team\Purple teaming exercises
• Familiarity with industry regulatory requirements, specific to information security
• Proficiency in scripting with at least 1 scripting language (e.g. Python, Bash, PowerShell)
• Reverse engineering of malware\exploits

Skills

• Communications Skills
• Computer Literacy (MS Word, MS Excel, MS Outlook)
• Attention to Detail
• Analytical Skills
• Problem solving skills

Conditions Of Employment

• Clear criminal and credit record

Capitec is committed to diversity, applications to this position will strictly be considered in support of our employment equity goals.