About the job Principal Consultant
Penetration Testing - Principal
Vantage Point Security is a Crest Registered specialist in offensive security and Penetration Testing. We
employ the same techniques as malicious attackers to identify and report security flaws and weaknesses
in our clients business critical systems so they no longer present a risk to the business.
Role Purpose:
The Principal provides technical commercial support and manages the Professional Services team in the
delivery of penetration testing & offensive security projects, to ensure a successful outcome that at least
meets or exceeds the expectations of our clients.
Role Outcomes:
The customer recognises you as a subject matter expert and they have confidence in the
comprehensiveness of the testing methodology and the accuracy of the results.
Primary technical relationship with key accounts, ensuring projects are adequately scoped and
that estimated testing times are clearly communicated for producing a Statement of Work
(SOW), client has prepared the testing environment and all technical queries relating to
penetration testing are promptly resolved.
Management of the Professional Service team to ensure penetration testing and offensive
security projects are delivered efficiently and on schedule.
Manage and lead large projects including APTs and offensive security projects such as red
teaming projects, providing one interface with the client and efficient management of
consultant resource to complete the project on time.
Ensure penetration testing and offensive security project reports have been peer reviewed and
approved for release to the client.
Prepare and give presentations to clients of project results where required.
All client data is managed in strict accordance with Vantage Point Security data security and
protection policies throughout the project.
Manage the technical recruitment interview process and Professional Service team performance
appraisals to ensure personal development plans are in place for all team members.
Release security advisories and initiate special interest projects.
Penetration testing methodologies and experiences are shared to enhance team performance.
Keep up to date with the latest testing and hacking methods and technology advancements
through attending and making presentations at technical conferences and events.
Maintain a minimum of CREST CCT or equivalent certification.
Role Responsibilities:
Participate in the weekly Operations Meeting and work closely with the Project Manager and
be fully aware of all projects in the delivery schedule and their progress status.
Act as the primary technical owner for projects internally and externally with the client.
Provide technical leadership and guidance to assist team members to master attack methods
and reliably perform 100% coverage of all assigned test cases.
Perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices,
and mobile applications to discover and report exploitable vulnerabilities, and other offensive
security projects.
Clearly document and communicate findings and recommendations to the client.
Author new test-cases that meet the requirements of emerging technologies and security
requirements.
Keep up to date with the latest testing and hacking methods and technology advancements
through attending and making presentations at technical conferences and events.
Release security advisories and initiate and manage special interest projects.
Client Relationships and Pre Sales Support:
Primary technical relationship with key accounts.
Ensure projects are adequately scoped and that estimated testing times are clearly
communicated for producing a Statement of Work (SOW), client has prepared the testing
environment and all technical queries relating to penetration testing are promptly resolved.
Advise the Project Manager on appropriate resource allocation on a project-by-project basis.
Penetration Testing and Offensive Security Projects:
Act as the primary contact between the customer and the client.
Attend the project kick-off meeting and ensure the client is prepared so that testing can
commence on schedule.
Manage the Professional Service team to ensure penetration testing and offensive security
projects are delivered efficiently and on schedule.
Effectively delegate and manage a project team on large projects to ensure the project meets
the clients expectations and is successfully completed on time.
Engage with the client and consultants to ensure there is a well-defined escalation process for
quickly resolving any technical issues during the penetration test.
Communicate effectively with the penetration testers throughout the testing and provide
technical support and guidance.
Act as the final escalation point on all technical issues for clients and consultants, and escalate
any issues as appropriate to the Project Manager and Country Manager for quick and efficient
resolution such as rescheduling.
Reporting and Remediation:
Ensure the quality, peer review and the timely delivery of Penetration Testing Reports.
Be able to effectively translate complex technical vulnerabilities into real world business impacts
that business stakeholders can easily understand, and provide the clients technical
representative with clear and effective remediation advice that is actionable.
Prepare and give presentations to clients of project results where required.
Team Leadership:
Manage the technical recruitment interview process and Professional Services team
performance appraisals to ensure personal development plans are in place for all team
members.
Be able to provide effective answers and solutions to any technical questions regarding testing
methods, remediation advice and recommendations of reported findings.
Recommend and support company initiatives that provide the ongoing professional
development and wellbeing of the team.
Support Associates through their CRT accreditation process as a mentor and members of the
team to become speakers at conferences and events.
Be an active contributor in sharing knowledge at Vantage Point Show and Tell sessions and help
to provide an environment where everybody is continuing to learn and develop.
Keep up to date with the latest testing and hacking methods and technology advancements
through attending and making presentations at technical conferences and events.
Required Skills and Experience:
At least 6 years or more hands-on penetration testing and offensive security experience.
Minimum CREST CCT Qualification.
Proven ability to manage Professional Services team, both from a delivery and professional
development perspective and large projects.
Strong analytical skills, able to leverage complex data to identify opportunities, recognise
problems, and draw logical conclusions.
Proven track record as a subject matter expert in this field and a detailed technical knowledge
of possible vulnerabilities, attacks and appropriate countermeasures to remediate them in both
web and mobile applications and cloud and physical networks.
Demonstrated experience in one or more computer programming or scripting languages such
as Python, Bash, PHP, Java, C#, JavaScript, Perl or Ruby.
Deep understanding of network architectures, both cloud and physical networks, and the
underlying OSI Model.
Experience with security touch points in the SDLC such as architecture risk analysis, threat
modelling, security requirement gathering and source code analysis.
Ability to prepare and present project results to the client, and confidently manage client
expectations, issues and build strong technical relationships.
Confident in public speaking with attendance at previous conferences and events as speaker.
Role Information:
Reports to: Managing Principal (SEA) and Country Manager
Hours: Full Time (40 hours/week)
Language: Must be proficient in spoken and written English and Chinese.
Location: Primarily based in our Singapore office or at our client sites but may be required to
travel occasionally to our other business locations