Associate Consultant

Penetration Testing - Associate Security Consultant

Vantage Point Security is a Crest Registered specialist in offensive security and Penetration Testing. We employ the same techniques as malicious attackers to identify and report security flaws and weaknesses in our clients business critical systems, so they no longer present a risk to the business.

Role Purpose:

The Associate Security Consultant attains CREST CRT certification, learns other security assurance skills, and assists in delivering penetration testing & offensive security projects to ensure a successful outcome that at least meets or exceeds the expectations of our clients.

Role Outcomes:

• Mentored to achieved CREST CRT certification within 3 months of joining Vantage Point.
• Complete the Associate Consultant training program to become competent with the use of penetration testing tools and techniques, including manual testing, automated application vulnerability scanning/testing tools and source code review techniques.
• Perform penetration testing projects as part of a team to ensure they are delivered efficiently and on schedule.
• All client data is managed in strict accordance with Vantage Point Security data security and protection policies throughout the project.

Role Responsibilities:

• Achieve CREST CRT certification within 3 months of joining Vantage Point.
• Complete the Associate Consultant training program comprising the learning of penetration testing tools and techniques, including manual testing, automated application vulnerability scanning/testing tools and source code review techniques.
• Support Senior Consultants and Security Consultants to perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and report exploitable vulnerabilities.
• Clearly document findings and recommendations.
• Help to provide an environment where everybody is continuing to learn and develop.
• Continuously learn and master new hacking methods in new and emerging technologies.

Penetration Testing:

• Attend the project kick-off meeting.
• Engage with the project lead to ensure there is a well-defined escalation process for quickly resolving any technical issues during the penetration test.
• Communicate effectively with the project lead throughout the testing.
• Escalate any issues as appropriate to the Project Manager and the project lead for quick and efficient resolution, such as time delays and rescheduling.

Reporting and Remediation:

• Ensure the quality and the timely delivery of the Penetration Testing Report.
• Be able to effectively translate complex technical vulnerabilities into real world business impacts that business stakeholders can easily understand and provide the clients technical representative with clear and effective remediation advice that is actionable.

Required Skills and Experience:

• Ideally a Bug Bounty/Hall of fame participant and commenced the CREST CRT qualification process.
• An unrelenting passion to discover vulnerabilities in cutting edge technologies.
• A Degree in Cyber Security or Computer Sciences.
• Strong analytical skills, able to leverage complex data to identify opportunities, recognise problems, and draw logical conclusions.
• Basic understanding of programming languages and ideally experience in one or more computer programming or scripting languages such as Python, Bash, PHP, Java, C#, JavaScript, Perl, or Ruby.
• Basic security knowledge of network architectures, both cloud and physical networks, and the underlying OSI Model.
• Understanding of security touch points in the SDLC such as architecture risk analysis, threat modelling, security requirement gathering and source code analysis.
• Ability to learn manual testing, automated application vulnerability scanning/testing tools and source code review techniques.

Role Information:

Reports to: Principal and/or Associate Principal

Hours: Full Time (40 hours/week)

Language: Must be proficient in spoken and written Bahasa Indonesia and English.

Location: Primarily based in our Jakarta office or at our client sites but may be required to travel occasionally to our other business locations.