Senior Penetration Tester

JOB ADVERTISEMENT

Duty Station: Kigali – Rwanda

Report to: Head of Cyber Security

Deadline for applicants: 14^th June 2024

Submit CV, Cover letter, National ID and copy of Academic Degree to: https://career.qtsoftwareltd.com

About the Company 

QT Global Software Ltd is a private company, engaged in web and mobile application development, information security consultancy, and network security services, providing secure solutions to esteemed clients. We collaborate with government agencies, companies, and organizations to create outstanding user experiences, secure solutions, and support and maintenance across the product/solution lifecycle.

At QT Global Software Ltd, we continuously transform our operations to ensure that we provide reliable and cost-effective client-oriented IT services. We achieve this by assembling the best resources in software development, IT infrastructure, and security, as well as the best project leads. We are proud of our past accomplishments and excited about our future prospects.

Our management philosophy and objectives revolve around two key principles:

• Firstly, we strive to become the preferred employer for the brightest and most talented minds in the region.
• Secondly, we prioritize the development, recognition, and rewarding of performance that we deem crucial to our long-term success and sustainability.

Company Values 

All staff at QT Global Software Ltd are connected to a shared set of organizational values:

• Quality Customer Service
• Professional Business Conduct
• Client-Oriented and Secure Solutions

SENIOR PENETRATION TESTER(2)

ROLES AND RESPONSIBILITIES

• Perform security tests on in-house and client’s applications, network devices, on premise or cloud infrastructures
• Collaborate with development teams and clients to understand system requirements to install cybersecurity in SDLC and develop detailed test plans and rules of engagement.
• Research and experiment with various types of cyber attacks to enhance testing methodologies.
• Identifying and documenting procedures and techniques to avoid malware threats and documenting
• Classifying malware by threats and commonalities
• Assess the potential impact of simulated attacks on the business and its users.
• Develop methodologies for VA & PT and apply them to the company ICT Infrastructure and cloud-based systems to find zero-day and existing vulnerabilities and recommend appropriate patches
• Perform DAST and SAST for code review, applications, and systems for security vulnerabilities.
• Plan and test disaster recovery efforts, including creating contingency plans and procedures to address security breaches and minimize disruptions to business operations.
• Investigate the source of the security incidents or breach(where applicable) to identify the IOA/IOC by all applicable cybersecurity means and recommend appropriate actions for future similar cases.
• Create reports and recommendations from the findings, including the security issues uncovered and level of risk to the company management.
• Any other cybersecurity related- assignments.

QUALIFICATIONS & SKILLS

• Bachelor’s degree in computer science, Software Engineering, or a related field.
• Knowledge of IT security hardware, software, networking, and solutions.
• Fluency in source code programming languages such as C#, C++, .NET, Java, Perl, PHP, Python, or Ruby on Rails, plus Low Level Languages
• Skilled competent and expertise within ICT and Cybersecurity Industry and using various OS like UNIX, Linux, MS Windows, etc.
• The ability to create/write source code and Binary Code Analysis.
• Skills in symmetric and asymmetric cryptography, MAC and hash functions
• Knowledge in public key and private key encryption, key exchange, and digital signatures.
• Strong math skills in discrete mathematics, and linear or matrix algebra.
• Proficiency in data structures and cryptographic algorithms.
• Conversant with Cybersecurity VAPT tools
• Ethical integrity to be trusted with a high level of keeping confidential information.
• An in-depth understanding of computer systems and their operation
• The ability to think creatively and strategically to penetrate security systems.
• Programming languages, especially for scripting (Python, BASH, Java, Ruby, Per, etc. l)
• Exceptional analytical and problem-solving skills and the persistence to apply different techniques to get the job done.
• Eagerness to continuously updating the technical knowledge base and Security Leading certifications (CISA, CEH, CASE, OSCP or CPENT, etc.)
• Ability to write, find PoCs, and exploits.
• Have extensive experience using testing tools and Pentest management platforms.
• Mobile technologies (Android and iOS), networking, cloud architecture skills and binary code analysis
• Knowledge of the fundamentals and advanced concept of networking

N.B: Only shortlisted will be conducted.