Senior Consultant

Penetration Testing - Senior Consultant

Vantage Point Security is a Crest Registered specialist in offensive security and Penetration Testing. We

employ the same techniques as malicious attackers to identify and report security flaws and weaknesses

in our clients business critical systems so they no longer present a risk to the business.

Role Purpose:

The Senior Security Consultant leads others in the delivery of penetration testing & offensive security

projects to ensure a successful outcome that at least meets or exceeds the expectations of our clients.

Role Outcomes:

The customer recognises you as a subject matter expert and they have confidence in the

comprehensiveness of the testing methodology and the accuracy of the results.

Penetration testing projects are delivered efficiently and on schedule.

Projects are adequate scoped and that estimated testing times are clearly communicated for

producing a Statement of Work (SOW).

Penetration testers are well informed and prepared to commence testing on schedule.

The client has prepared the testing environment prior to the project start date so that the

engagement is executed smoothly and without delay.

The quality of the Penetration Testing Report by ensuring it has been peer reviewed and

approved for release to the client.

All client data is managed in strict accordance with Vantage Point Security data security and

protection policies throughout the project.

Role Responsibilities:

Act as the primary technical owner for projects internally and externally with the client.

Work closely with the Project Manager and be fully aware of all projects in the delivery schedule

and their progress status.

Perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices,

and mobile applications to discover and report exploitable vulnerabilities.

Provide technical leadership and guidance to assist team members to master attack methods

and reliably perform 100% coverage of all assigned test cases.

Clearly document and communicate findings and recommendations to the client.

Author new test-cases that meet the requirements of emerging technologies and security

requirements.

Continuously learn and master new hacking methods in new and emerging technologies.

Maintain a minimum of CREST CRT certification.

Presales Support:

Provide presales support by attending project briefings and perform technical scoping to assist

with the production of SOWs.

Advise the Project Manager on appropriate resource allocation on a project-by-project basis.

Penetration Testing:

Act as the primary contact between the customer and the client.

Attend the project kick-off meeting and ensure the client is prepared so that testing can

commence on schedule.

Effectively delegate and manage a project team on large projects to ensure the project meets

the clients expectations and is successfully completed on time.

Engage with the client and consultants to ensure there is a well-defined escalation process for

quickly resolving any technical issues during the penetration test.

Communicate effectively with the penetration testers throughout the testing and provide

technical support and guidance.

Escalate any issues as appropriate to the Project Manager and Associate

Principal/Principal/Country Manager for quick and efficient resolution such as time delays and

rescheduling.

Reporting and Remediation:

Ensure the quality and the timely delivery of the Penetration Testing Report.

Be able to effectively translate complex technical vulnerabilities into real world business impacts

that business stakeholders can easily understand, and provide the clients technical

representative with clear and effective remediation advice that is actionable.

Team Leadership:

Provide on the job training by overseeing Associate Consultants and Consultants on smaller

assigned projects to ensure they are delivered to VP standards.

Be able to provide effective answers and solutions to any technical questions regarding testing

methods, remediation advice and recommendations of reported findings.

Recommend and support company initiatives that provide the ongoing professional

development and wellbeing of the team.

Support Associates through their CRT accreditation process as a mentor.

Be an active contributor in sharing knowledge at Vantage Point Show and Tell sessions and help

to provide an environment where everybody is continuing to learn and develop.

Keep up to date with the latest testing and hacking methods and technology advancements

through attending technical conferences.

Required Skills and Experience:

At least 3 years or more hands-on penetration testing experience

Minimum CREST CRT Qualification.

Strong analytical skills, able to leverage complex data to identify opportunities, recognise

problems, and draw logical conclusions.

Demonstrated experience in one or more computer programming or scripting languages such

as Python, Bash, PHP, Java, C#, JavaScript, Perl or Ruby.

Understanding of network architectures, both cloud and physical networks, and deep

understanding of the underlying OSI Model.

Experience with security touch points in the SDLC such as architecture risk analysis, threat

modelling, security requirement gathering and source code analysis.

Role Information:

Reports to: Country Manager and Principal Consultant/Regional Managing Principal  

Hours: Full Time (40 hours/week)

Language: Must be proficient in spoken and written English and Chinese.

Location: Primarily based in our Singapore office or at our client sites but may be required to

travel occasionally to our other business locations