Working with Global Business Services, you will be responsible for delivering bespoke penetration testing of servers and applications to identify vulnerabilities and mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities.
Designs and executes penetration tests that demonstrate how an adversary could subvert the organization's security posture or goals, or achieve specific adversarial objectives.
Manages and coordinates resilience testing activities with other teams. Designs and maintains testing techniques and methodology, ensures tests are performed in accordance with them, and provides the Manager with an overview of ABB's risk exposure from internal and external threats.
Interacts with other security departments with regards to assessing the risk deriving from the findings along with potential mitigations.
This position reports to
IS Application Security Manager
Your responsibilities
Coordinate external penetration testers conducting testing engagements on ABB assets, by scoping prospective engagements.
Coordinates and manages the planning of penetration tests within a defined area of business activity.
Delivers objective insights into the existence of vulnerabilities and the effectiveness of defenses and mitigating controls, both those already in place and those planned for future implementation.
Takes responsibility for integrity of testing activities and coordinates the execution of these activities.
Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases.
Provides authoritative advice and guidance on the planning and execution of vulnerability tests.
Defines and communicates the test strategy, manages all test processes and reports status to the Application Security Manager.
Your background
Bachelor’s or Master’s degree in Information Technology, Computer Science, Software Engineering, or a related qualification, and / or proven capability through past employment experience
8+ years of Information Security experience with at least 4 years in leading service delivery and security operations and at least 2 years in performing network / application penetration testing
Strong experience in security services operations, from design through launch and maintenance, for services across network, endpoint security, datacenter / cloud, etc.
Excellent written and verbal communication skills, and ability to present complex and technical issues to diverse audiences including senior management
ITIL 4 Foundation certification required
CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or a penetration-testing-related certification (e.g. GPEN, GWAPT, OSCP, OSWE, eWPTX) preferred
Knowledge of networking fundamentals (all OSI layers). Thorough understanding of network protocols, data on the wire, and covert channels.
Understanding of software exploitation (web, client-server and mobile) on modern operating systems. Familiarity with XSS, SSJS, filter bypassing, injection, CSRF, etc.
Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
Familiarity with common reconnaissance, exploitation, and post exploitation frameworks.
Practical experience in mobile and / or web application assessments, shell scripting or automation of simple tasks (using Perl, Python, or Ruby), developing exploits, reverse engineering malware, source code review for control flow and security flaws.
Strong attention to detail in conducting analysis, combined with an ability to accurately record full documentation in support of that work.
Detailed knowledge of current international best practices in privacy.