Sr. Supervisor, Technical Security Testing

Purpose of the job

Evaluate the security controls for Oranges Internal and External systems and Identify new vulnerabilities and exploits that can jeopardize the Integrity, Confidentiality and availability of our Information Systems.

Duties and responsibilities

• Perform initial penetration testing for newly acquired/developed systems.
• Identify security issues and vulnerabilities that can jeopardize the confidentiality/Integrity/Availability of information systems.
• Perform network penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessment, & social engineering assessments.
• Develop scripts, tools and methodologies to enhance red teaming processes
• Programming skills supporting tool development and customization (shell scripting, Perl, Python, Ruby, C, C++, C#, Java)
• Recognize and safely utilize attackers tools, tactics and procedures.
• Exhibit strong knowledge of tools used for wireless, web application, mobile application and Infrastructure penetration testing.
• Provide technical advise to system/business owners and/or developers on how to mitigate the identified issues.
• Propose compensating controls to mitigate/reduce risks where resolving the root cause is not possible.
• Provide guidance to application developers on secure coding best practices.
• Insure Oranges information systems are properly hardened, including but not limited to operating systems, databases, web servers, and application servers.
• Provide advise to system administrators on how to harden their systems.
• Perform telecom specific security testing to insure the security of our access, core and packet core networks. Identify and resolve any discovered issues.
• Perform periodic penetration testing against Oranges critical systems to address any new security issues.
• Run periodic vulnerability scans against Oranges systems, and insure the findings are addressed in a timely manner according to the asset's criticality and the risk
• Run on demand scans for newly announced vulnerabilities and address those vulnerabilities with their owner
• Provide executive and detailed technical reports on findings to be used as an input in the risk management process
• Thorough understanding of different network protocols, application frameworks, and database platforms
• Mastery of Unix/Linux/Mac/ Windows operating systems including bash and PowerShell
• Perform assessments against internal and external security standards including but not limited to PCI-DSS, SOX, ISO-27001, and Orange Global Security Policy

• Map business objectives and strategies to identify testing objectives and establish a business oriented risk level.
• Determine needed tools and budget to enhance security testing process.
• Supervise and guide Pentesting team activities

• Ability to define and scope penetration testing requirements
• Ability to document and communicate vulnerabilities and associated security risks with the stakeholders

Job specification

Education

• University degree in Telecommunication, Information Technology or Computer Science.
• Fluently reading and writing in English language..
• Certifications such as GPEN, OSCP, OSCE, OSWE, GWAPT, GAWN, GMOB, eMAPT is a must.

Experience

• 3-5 years experience in at least three of the following:
• Network Penetration testing
• Mobile and/or web application assessment
• Social Engineering assessment
• Shell scripting and automation of simple tasks using perl, python, ruby and/or PowerShell
• Developing, extending or modifying exploits, shellcodes, or exploit tools
• Source code review for control flow and security flaws

• Familiarity with the Telecom industry and its security posture

Skills and abilities

• Executive Presence, Highly effective communicator, well established influencing and negotiating skills
• Strong analytical skills; able to quickly digest any issue encountered and recommend an appropriate solution
• Strong client service orientation
• Self motivated without the need for significant management oversight

• Dynamic team player

• Ability to deal with ambiguity and make expert judgement in the situations where no precedent exists
• Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications tp high level presentations
• Strong understanding of the roles impact on the entire company.
• Ability to maintain a steady work pace with high level of accuracy.
• Must possess a strong sense of ethics and integrity with respect to identified critical security findings (Revenue/Image Impacting)