Officer, Vulnerability Assessment & Penetration Testing at Stanbic IBTC

Responsible for simulating cyber-attacks to identify and exploit vulnerabilities within the organization's IT infrastructure, applications, and networks. This role focuses on offensive security techniques to test the effectiveness of security controls and improve the organization's overall security posture.

• Conduct thorough penetration tests on systems, networks, and applications to identify security weaknesses.
• Use a combination of automated tools and manual testing techniques to exploit vulnerabilities.
• Plan and execute red team exercises to test the organization's detection and response mechanisms.
• Use advanced attack techniques to emulate adversaries and assess the organization's security readiness.
• Perform vulnerability assessments to identify and prioritize security risks.
• Analyze assessment results and provide actionable remediation recommendations.
• Prepare detailed reports of findings from penetration tests and red team exercises, including technical details and potential business impacts.
• Present findings to technical and non-technical stakeholders, providing clear explanations and recommendations for remediation.

Qualifications

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• Relevant certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH), or equivalent can be an added advantage.

Experience:

• 3years experience in cybersecurity, with a focus on red team activities, vulnerability assessment, and penetration testing. Hands-on experience with VAPT tools such as Nessus, Burp Suite, Metasploit, and OWASP ZAP.
• 3years extensive knowledge of Security Operation, Endpoint management, Network Security and Vulnerability management. Extensive knowledge of TCP/IP protocol stacks, firewalls (Checkpoint and ASA), switches and routers. Extensive knowledge of Windows and Linux Operating Systems and cloud computing / cloud security.