- Identify vulnerabilities and exposure within
enterprise networks, systems, and applications.
- Lead or enable exploitation operations in
support of organization objectives and target requirements.
- Perform technical (evaluation of technology) and
nontechnical (evaluation of people and operations) risk and vulnerability
assessments of relevant technology focus areas (e.g., local computing
environment, network and infrastructure, enclave boundary, supporting
infrastructure, and applications).
- Provide recommendations regarding the selection
of cost-effective security controls to mitigate risk (e.g., protection of
information, systems, and processes).
- Provide technical documents, incident reports,
video recorded descriptions, findings from computer examinations, summaries,
and other situational awareness information to relevant stakeholders.
- Conduct and/or support authorized penetration
testing on enterprise network assets.
- Perform penetration testing as required for new
or updated applications.
- Review the security status of a system
(including the effectiveness of security controls) on an ongoing basis to
determine whether the risk remains acceptable.
- Provide recommendations for how to improve the
controls based on test scenario findings.
- Create and conduct custom tabletop exercises.
- Partner with other teams on alert development to
create new alerts and identify gaps in alerting.
- Analyze Threat Trends to identify indicators of
compromise (IOCs)
- Develop your own test scenarios by performing
threat hunts and ethical hack tests.
- Identify control gaps that allow threats to
enter our network.
- Design and develop new tools/technologies
related to cybersecurity.
- Develop specific cybersecurity countermeasures
and risk mitigation strategies for systems and/or applications.
- Exploit network devices, security devices,
and/or terminals or environments using various methods or tools.
- Create comprehensive exploitation strategies
that identify exploitable technical or operational vulnerabilities.
- Test and evaluate locally developed tools for
operational use.
- Identify functional- and security-related
features to find opportunities for new capability development to exploit or
mitigate vulnerabilities.
- Perform analysis for target infrastructure
exploitation activities.
- Conduct exploitation of wireless computer and
digital networks.
- Analyze identified malicious activity to
determine weaknesses exploited, exploitation methods, effects on system and information.
Requirements
- Bachelor's Degree in Computer Science, Information Technology, Electrical & Electronic Engineering, or a related discipline from a reputable higher institution.
- 3+ years experience in a similar role, preferably in a Fin-tech or financial services industry.
- Experience leading projects and mentoring junior team members will be a plus.
- Strong analytical, planning, organization, and problem-solving skills.
- Excellent communication and interpersonal skills, and ability to work independently and as part of a team.
- Experience with web security, application security, and strong red team security experience is essential.
Benefits
Qore provides the rare
opportunity to make history in the financial space for Africa by Africans,
while working with the smartest, brightest & coolest minds in Africa. Our
people & culture team continuously thinks of innovative ways to improve employee
experience and some of the other benefits of working with Qore includes:
- Very Competitive & Rewarding Pay
- Flexible work option (i.e., Remote)
- Paid Lunch for onsite work
- Lifelong Learnings