Cyber Testing Director

Job Description :

Qualification and Minimum Entry Requirements :

- Bachelor or Master degree in computer science with a minimum of 10 years in cyber security domain

- Technical background in networking/system administration, security testing or related fields

- In-depth knowledge of TCP/IP

- Good knowledge of Perl, Python, Bash, or C experience

- Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.)

- Configuration and Security experience with firewalls, switches, routers, VPNs

- Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115

- Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box)

- Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.)

- Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.)

- One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc)

- In addition, one or more of the following governance certifications is preferred : Certified Information Systems Security Professionals- (CISSP- ); Certified Information Systems Auditor- (CISA- ); Certified Information Security Manager- (CISM- )

- Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management

- Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices

Technical Requirements :

- Web application penetration testing experience - familiarity with Burp, OWASP Top 10, etc

- Ability to recognize and validate significant findings past initial scanning/recon

- Web Services penetration testing (RESTful, CURL and SOAP)

- API penetration testing experience

- Conducts periodic scans of networks to find and detect vulnerabilities

- Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel

- Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients

- Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements

- Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing)

- Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders

- Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach

- Maintain a firm grasp on the industry and anticipate trends and movements while balancing maturity and timing

- Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools

- Expert knowledge of tools used for wireless, web application, and network security testing

- Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms

- Motivated self-starter who loves to solve challenging problems and feels comfortable working directly with customers

- Excellent oral, written communication, and presentation skills with an ability to present client security sessions and security workshops to C-Level Executives and non-technical audience

- Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment

- Ability to approach customer and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver

- Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment

Nice to have :

- Mobile application penetration testing experience

- Cloud penetration testing experience (AWS and Azure)

Soft Skills Requirement :

- Ability to work independently under minimal supervision and within a team.

- Manage project tasks and deadlines within a multi-time zone remote culture.

- 5- 10 years of customer-facing consulting experience

- Ability to communicate complex vulnerability results and demonstrate proof of concepts for diverse audiences.

- 5+ years of experience managing a diverse team of technical testers

- Proven experience improving technical quality of the team

- Report regularly to management on improvements and team challenges

- 7-10 years of experience working in a global environment with multiple time zones and adjusting to client needs in other countries

- Ability to train others and improve technical skills of a team

Key Takeaways :

1. Role Scope & Responsibilities :

- The Cyber Testing Director will be a highly technical leader with strong team management capabilities.

- The role requires someone who can either bring their own team or effectively track and manage existing teams.

- This individual will oversee client-level projects (not just internal cyber security work).

- They should be able to interact with C-level executives, deliver end-to-end cyber security solutions, and ensure quality assurance in project execution.

2. Technical Expertise Required :

Core Competencies :

- Red Teaming expertise is a must.

- Experience in Web Services, Azure, and various penetration testing methodologies.

- Ability to handle multiple client projects simultaneously.

Security & Penetration Testing :

- Strong expertise in Cloud Security (mandatory).

- Web application penetration testing is a critical skill.

- Hands-on experience in various penetration testing types, including: Mobile, Web, Application, Network

Tools & Techniques :

- Penetration Testing Tools : Burp Suite, OWASP Top 10, REST & SOAP API security testing.

- Security & Open Source Tools : Linux, Wireshark, Nessus, Qualys.

- Security Techniques & Best Practices : BIOS Security, Threat Modeling, Network Discovery, Port & Service Identification, Vulnerability Scanning, Password Cracking, White, Gray, and Black Box Testing

Preferred Certifications :

- Candidates should ideally hold at least one of the following : OSCP, GPEN, CISSP, CISA, CISM