Job title: Lead Vulnerability Analyst
Job type: Permanent
Emp type: Full-time
Salary type: Annual
Salary from: ZAR 550,000.00
Salary to: ZAR 650,000.00
Location: Pretoria
Job published: 2022-07-20
Job ID: 32127

Job Description

Redherd is a bespoke, boutique information security and technology recruiting partner. Together with our clients, we tackle some of the most complex security requirements of the modern-day cyber security industry. We obsess about the details and the subtle intricacies of a given position; we therefore run only surgical searches and approach only those who possess the skills required to excel in specific positions. Our candidates come first, and that will always stay at the forefront. After all, you know what is best for you.

Our client is a South African-based Cyber Security provider with a global reach and customers in the highest spheres of technology and innovation. For over 20 years they have been focussing on Security Assessments, Vulnerability Management and Penetration Testing, delivering world-class security assessments, services, and training to their clients.

The client is looking for a Lead Vulnerability Analyst, with experience in the Information Security Industry, ideally within vulnerability management, who can join them on their mission of building a safer digital society for all. You will be responsible for analysing, designing and conducting security vulnerability scans and assessments for multiple group stakeholders.

Key Responsibilities

  • Identify false positives, moderate ratings and verify recommendations by analysing security scan reports
  • Perform penetration testing or manual verification to confirm the presence and assess the risk posed by reported vulnerabilities
  • Configure scans on the stakeholders' behalf with the correct settings needed to comply with target and schedule requirements, and appropriate security testing requirements
  • Analyse, design, deliver, configure and manage vulnerability scans for PCI ASV compliance purposes
  • Engage with stakeholders to comprehend their security, risk, and vulnerability management needs and provide an appropriate scanning architecture and strategy to drive their vulnerability management processes
  • Respond to stakeholder requests for advice or support
  • Conduct root-cause analysis and produce vulnerability reports for both technical and management audiences
  • Present and explain vulnerability scanning reports to stakeholders at various levels
  • Perform internal asset-discovery scans and help stakeholders understand their internal environments and plan a scanning strategy accordingly
  • Perform application, mobile, infrastructure, and social engineering assessments
  • Assist with pre-sales to prospective clients
  • Assist with improvements for services, continuously enhancing existing methodology
  • Be a representative at local and international events and forums.

Skills and Experience

  • 3 years of experience in the Information Security Industry
  • Familiar with application and network security concepts
  • Training and experience on a recognised vulnerability scanning platform – Qualys, Nessus, Rapid7 or similar
  • Good communication skills and the ability to work well in a team
  • Familiar with security auditing tools
  • Experience writing reports
  • Good presentation skills
  • Scripting and coding experience
  • Experience in system administration and networking
  • Ability to think like an attacker, solving complex problems creatively.

Education Required

  • IT-related degree, certificates OR relevant experience.
  • One of the industry-leading qualifications (OSCP, CEH, CISSP, PCI, CREST, OSCE, OSCW).