Position Overview:We are looking for a highly skilled Security Analyst (Penetration Tester) to join one of South Africa’s largest and most reputable security consulting firms, based in Pretoria. This semi-hybrid role offers a dynamic and challenging environment where you will apply your expertise to perform penetration testing, vulnerability assessments, and risk analyses across a range of systems, networks, and applications. You will play a crucial role in helping the client strengthen their security posture through advanced testing and actionable security recommendations.Key Responsibilities:Penetration Testing: Conduct advanced penetration tests across various platforms, including web applications, networks, and internal/external infrastructures, to identify vulnerabilities and weaknesses.Vulnerability Assessments: Perform thorough vulnerability assessments and scans, identifying attack vectors and providing strategic recommendations.Reporting and Documentation: Prepare and deliver clear, concise penetration testing reports that outline technical findings, business impact, and risk mitigation strategies.Collaboration: Work closely with internal teams and clients to assess, document, and remediate vulnerabilities discovered during testing.Research & Development: Stay up-to-date on emerging security trends, vulnerabilities, attack methods, and penetration testing tools. Contribute to developing internal methodologies and best practices.Client Engagement: Effectively communicate penetration testing results to clients, providing insights into risk levels, and actionable next steps for remediation.Security Awareness: Mentor junior staff and share knowledge to foster a collaborative and continuous improvement culture within the team.Key Skills and Qualifications:Experience: 3-5 years in penetration testing or security analysis, ideally in a consulting environment.Technical Skills:Hands-on experience with penetration testing tools such as Burp Suite, Kali Linux, Metasploit, Nessus, and Nmap.Strong understanding of web application security (OWASP Top 10, SQL Injection, Cross-Site Scripting, etc.).Expertise in network security, firewalls, IDS/IPS, VPNs, and security monitoring tools.Proficient in scripting languages (Python, Bash, etc.) for automation and exploit development.Familiarity with cloud environments (AWS, Azure, GCP) and securing cloud systems is a plus.Knowledge of risk management frameworks (e.g., NIST, ISO) is beneficial.Certifications (One or more):Offensive Security Certified Professional (OSCP)eLearnSecurity Certified Professional Penetration Tester (eCPPT)Hack The Box Certified Penetration Tester (HTB CPT)Altered Security Certified Penetration Tester (ASCP)Practical Network Penetration Tester (PNPT)Additional certifications such as Certified Ethical Hacker (CEH), CompTIA Security+, CISSP, or CISM are also beneficial.Soft Skills:Strong analytical and problem-solving abilities.Exceptional communication skills, capable of presenting technical findings in a clear and structured manner to both technical and non-technical audiences.Ability to manage multiple client engagements and work independently in a fast-paced environment.Why Join Our Client?:Join one of South Africa's leading security consulting firms, known for its innovative solutions and high-impact security projects.Exposure to a diverse set of clients and cybersecurity challenges, offering immense career growth opportunities.Access to continuous training, industry certifications, and professional development.Competitive salary and benefits.
