
About the job: Principal Consultant

Penetration Testing - Principal

Vantage Point Security is a CREST-registered specialist in offensive security and penetration testing. We employ the same techniques as malicious attackers to identify and report security flaws and weaknesses in our clients' business-critical systems, so they no longer present a risk to the business.

Role Purpose:

The Principal provides technical commercial support and manages the Professional Services team in the delivery of penetration testing and offensive security projects, to ensure a successful outcome that meets or exceeds the expectations of our clients.

Role Outcomes:

  • The customer recognises you as a subject matter expert and has confidence in the comprehensiveness of the testing methodology and the accuracy of the results.
  • Primary technical relationship with key accounts, ensuring that projects are adequately scoped, estimated testing times are clearly communicated for producing a Statement of Work (SOW), the client has prepared the testing environment, and all technical queries relating to penetration testing are promptly resolved.
  • Management of the Professional Services team to ensure penetration testing and offensive security projects are delivered efficiently and on schedule.
  • Manage and lead large projects including APTs and offensive security projects such as red teaming projects, providing one interface with the client and efficient management of consultant resource to complete the project on time.
  • Ensure penetration testing and offensive security project reports have been peer reviewed and approved for release to the client.
  • Prepare and give presentations to clients of project results where required.
  • All client data is managed in strict accordance with Vantage Point Security data security and protection policies throughout the project.
  • Manage the technical recruitment interview process and Professional Services team performance appraisals to ensure personal development plans are in place for all team members.
  • Release security advisories and initiate special interest projects.
  • Penetration testing methodologies and experiences are shared to enhance team performance.
  • Keep up to date with the latest testing and hacking methods and technology advancements through attending and making presentations at technical conferences and events.
  • Maintain a minimum of CREST CCT or equivalent certification.

Role Responsibilities:

  • Participate in the weekly Operations Meeting, work closely with the Project Manager, and be fully aware of all projects in the delivery schedule and their progress status.
  • Act as the primary technical owner for projects internally and externally with the client.
  • Provide technical leadership and guidance to assist team members to master attack methods and reliably perform 100% coverage of all assigned test cases.
  • Perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and report exploitable vulnerabilities, and other offensive security projects.
  • Clearly document and communicate findings and recommendations to the client.
  • Author new test-cases that meet the requirements of emerging technologies and security requirements.
  • Keep up to date with the latest testing and hacking methods and technology advancements through attending and making presentations at technical conferences and events.
  • Release security advisories and initiate and manage special interest projects.

Client Relationships and Pre-Sales Support:

  • Primary technical relationship with key accounts.
  • Ensure that projects are adequately scoped, estimated testing times are clearly communicated for producing a Statement of Work (SOW), the client has prepared the testing environment, and all technical queries relating to penetration testing are promptly resolved.
  • Advise the Project Manager on appropriate resource allocation on a project-by-project basis.

Penetration Testing and Offensive Security Projects:

  • Act as the primary contact between the customer and the client.
  • Attend the project kick-off meeting and ensure the client is prepared so that testing can commence on schedule.
  • Manage the Professional Services team to ensure penetration testing and offensive security projects are delivered efficiently and on schedule.
  • Effectively delegate and manage a project team on large projects to ensure the project meets the client's expectations and is successfully completed on time.
  • Engage with the client and consultants to ensure there is a well-defined escalation process for quickly resolving any technical issues during the penetration test.
  • Communicate effectively with the penetration testers throughout the testing and provide technical support and guidance.
  • Act as the final escalation point on all technical issues for clients and consultants, and escalate any issues as appropriate to the Project Manager and Country Manager for quick and efficient resolution, such as rescheduling.

Reporting and Remediation:

  • Ensure the quality, peer review and timely delivery of Penetration Testing Reports.
  • Be able to effectively translate complex technical vulnerabilities into real-world business impacts that business stakeholders can easily understand, and provide the client's technical representative with clear, effective and actionable remediation advice.
  • Prepare and give presentations to clients of project results where required.

Team Leadership:

  • Manage the technical recruitment interview process and Professional Services team performance appraisals to ensure personal development plans are in place for all team members.
  • Be able to provide effective answers and solutions to any technical questions regarding testing methods, remediation advice and recommendations of reported findings.
  • Recommend and support company initiatives that provide the ongoing professional development and wellbeing of the team.
  • Support Associates through their CRT accreditation process as a mentor, and support members of the team in becoming speakers at conferences and events.
  • Be an active contributor in sharing knowledge at Vantage Point Show and Tell sessions and help to provide an environment where everybody is continuing to learn and develop.
  • Keep up to date with the latest testing and hacking methods and technology advancements through attending and making presentations at technical conferences and events.

Required Skills and Experience:

  • At least 6 years of hands-on penetration testing and offensive security experience.
  • Minimum CREST CCT Qualification.
  • Proven ability to manage a Professional Services team, from both a delivery and a professional development perspective, and to manage large projects.
  • Strong analytical skills, able to leverage complex data to identify opportunities, recognise problems, and draw logical conclusions.
  • Proven track record as a subject matter expert in this field, with detailed technical knowledge of possible vulnerabilities, attacks and appropriate countermeasures to remediate them in web and mobile applications and in cloud and physical networks.
  • Demonstrated experience in one or more computer programming or scripting languages such as Python, Bash, PHP, Java, C#, JavaScript, Perl or Ruby.
  • Deep understanding of network architectures, both cloud and physical networks, and the underlying OSI Model.
  • Experience with security touch points in the SDLC such as architecture risk analysis, threat modelling, security requirement gathering and source code analysis.
  • Ability to prepare and present project results to the client, confidently manage client expectations and issues, and build strong technical relationships.
  • Confident in public speaking, with attendance at previous conferences and events as a speaker.

Role Information:

Reports to: Country Manager and Regional Managing Principal

Hours: Full Time (40 hours/week)

Language: Must be proficient in spoken and written English and Bahasa.

Location: Primarily based in our Indonesia office or at our client sites but may be required to travel occasionally to our other business locations.