Senior Penetration Tester at Ecobank

About the job

Job Summary
Report to 

• Head, Governance, Assurance and Compliance

Report to

• Head Information Security/Group Chief Information Security Officer

Job Purpose:

• To lead a team of security engineers in pen tests and security assessments.
• As the Senior Penetration Tester on Information Security Governance Security Assurance team, lead the security assessments in a variety of projects that will target, evaluate and test areas that will include network equipment, servers, applications, mobile devices, and other information systems within the Group and its third parties
• On these Group wide projects, lead on the usage of a variety of tools and techniques that include red teaming and social engineering, as well as, have the opportunity to combine technical expertise your imagination to discover innovative methods for ensuring that the Group remains one step ahead of its adversaries around the world.

Job Context:

• Information Security Penetration Testing
• Exploitable Vulnerability Detection and Reporting
• Overseeing remediation of Vulnerabilities

Job Dimension
Key Performance Indicators/ Performance Goals:

• Average Number of information security related exploits reportedper year
• Percentage downtime due to Security incidents.
• Cost savings by using internalpenetration test ratherthan outsourcing
• Security breachdetection time/security failure repairtime.
• Number information systemassets implemented into production network without a penetration test
• Number of major changescompleted without penetration testing report and remediation.
• Number of security breachesdue to existing exploitable vulnerabilities
• Number of continuous improvement initiatives recommended per year.
• Number of detectedexploitable vulnerabilities not remediated within agreedtimeline

Job Skills/Experience:

• IndustryCertified SecurityProfessional (OSCP, GPEN, eCPTXv2)
• 10 years minimum information security experience
• 7 years experience with penetration testing
• Bachelor of Science in computing or any related fields
• Owasp, PCI DSS and ISO 2700x
• OSCP is highly desirable
• Intermediate Linux scripting skills
• IS Security Administration
• Use of Security Penetration testing tools (Cobalt Strike, Burp Suite Pro, ZAP, Kali Linux, Core impact, Metasploit, e.t.c)
• IS security Product Knowledge
• General technical skills including TCP/IP, Networking, Operating system architecture, application development/implementation, database administration.
• Additional knowledge areasof value include malware analysis, vulnerability assessment and computer forensics
• Good document writing skills
• Ability to work in a Multicultural Environment
• Proven track record of achieving results and managing teams.
• Ability to build rapport with Executive Committee, VPs and Cluster/Regional Executives
• Constructively manage all stakeholders and break barriers
• Ability to build and lead effective and successful teams
• Analytical thinker combined with skills of thinking outside the box
• Withstanding pressurewithout it having effecton efficiency or quality
• Open to change and ability to createand drive change
• Ability to deal with ambiguity and a changing environment
• Experience leadingcross-‐functional teams
• Experience managingmultiple large-‐scale projects simultaneously
• Strong analytical and diagnosticskills
• Highly attentive to detail
• Ability to multi-task
• Ability to work well under pressure
• Resourceful
• Friendly and approachable

Core Processes To Reengineer:

• Information securityinternal processes in relationshipto information technology
• Definition of ownership of functional responsibilities
• Improvement of information securityKPIs