Penetration Testing - Security Consultant
Vantage Point Security is a CREST-registered specialist in offensive security and penetration testing. We employ the same techniques as malicious attackers to identify and report security flaws and weaknesses in our clients' business-critical systems so they no longer present a risk to the business.
Role Purpose:
The Security Consultant delivers penetration testing and offensive security projects to ensure a successful outcome that meets or exceeds the expectations of our clients.
Role Outcomes:
- The customer recognises you as a subject matter expert and they have confidence in the comprehensiveness of the testing methodology and the accuracy of the results.
- The client has prepared the testing environment prior to the project start date so that the engagement is executed smoothly and without delay.
- Penetration testing projects are delivered efficiently and on schedule.
- The quality of the Penetration Testing Report is assured by ensuring it has been peer reviewed and approved for release to the client.
- All client data is managed in strict accordance with Vantage Point Security data security and protection policies throughout the project.
Role Responsibilities:
- Act as the primary technical owner on own projects internally and externally with the client.
- Perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and report exploitable vulnerabilities across a diverse range of Apps.
- Identify a niche area of penetration testing and become an expert in it.
- When leading a project, provide technical leadership and guidance to assist any team members to master attack methods and reliably perform 100% coverage of all assigned test cases.
- Clearly document and communicate findings and recommendations to the client.
- Continuously learn and master new hacking methods in new and emerging technologies.
- Maintain a minimum of CREST CRT certification.
Penetration Testing:
- Act as the primary contact between the customer and the client on own projects.
- Attend the project kick-off meeting and ensure the client is prepared so that testing can commence on schedule.
- When leading a project, effectively delegate and manage any other Security Consultants and/or Associate Consultants in the project team to ensure the project meets the client's expectations and is successfully completed on time.
- Engage with the client on own projects, and with Security Consultants and/or Associate Consultants when leading a project, to ensure there is a well-defined escalation process for quickly resolving any technical issues during the penetration test.
- When leading a project, communicate effectively with any other Security Consultants and/or Associate Consultants throughout the testing and provide technical support and guidance.
- Escalate any issues as appropriate to the Project Manager and Senior Consultant for quick and efficient resolution, such as time delays and rescheduling.
Reporting and Remediation:
- Ensure the quality and the timely delivery of the Penetration Testing Report.
- Be able to effectively translate complex technical vulnerabilities into real-world business impacts that business stakeholders can easily understand, and provide the client's technical representative with clear, effective and actionable remediation advice.
Team Leadership:
- When leading a project, provide on-the-job training to Associate Consultants and Security Consultants to ensure they are delivered to VP standards.
- Be an active contributor in sharing knowledge at Vantage Point Show and Tell sessions and help to provide an environment where everybody is continuing to learn and develop.
- Keep up to date with the latest testing and hacking methods and technology advancements.
Required Skills and Experience:
- Minimum CREST CRT Qualification.
- At least 1 year of hands-on penetration testing experience.
- Strong analytical skills, able to leverage complex data to identify opportunities, recognise problems, and draw logical conclusions.
- Basic understanding of programming languages and ideally experience in one or more computer programming or scripting languages such as Python, Bash, PHP, Java, C#, JavaScript, Perl or Ruby.
- Understanding of network architectures, both cloud and physical networks, and the underlying OSI Model.
- Experience with security touch points in the SDLC such as architecture risk analysis, threat modelling, security requirement gathering and source code analysis.
- Utilise manual testing, automated application vulnerability scanning / testing tools and source code review techniques.
Role Information:
Reports to: Principal and/or Associate Principal
Hours: Full Time (40 hours/week)
Language: Must be proficient in spoken and written English.
Location: Primarily based in our Singapore office or at our client sites but may be required to travel occasionally to our other business locations.