Cybersecurity Penetration Testing Consultant

Acuative | Riyadh, Saudi Arabia | Posted: 24 Oct 2024

Financial

  • Estimate: $100k - $150k*
  • Zero income tax location

Accessibility

  • Office Only
  • Visa Provided

Requirements

  • Experience: Intermediate
  • English: Professional

Position

About the Job
This role is critical in enabling STCBank to stay ahead in cybersecurity assurance. The ideal candidate will have a robust background in cybersecurity vulnerability scanning and testing, along with a proven track record of working effectively with cybersecurity regulations, frameworks, and international standards.

Key Responsibilities:

  1. External Network Penetration Testing:

    • Identify vulnerabilities in STCBank's external-facing systems, networks, and applications.
    • Conduct port scanning, vulnerability scanning, and exploitation attempts to identify potential attack vectors.
    • Assess the effectiveness of firewalls, intrusion detection systems (IDS), and other security controls.
  2. Internal Network Penetration Testing:

    • Evaluate the security of internal networks, systems, and applications.
    • Identify vulnerabilities in network devices, servers, and workstations.
    • Assess the effectiveness of internal security controls, such as access controls and segmentation.
  3. Application Penetration Testing:

    • Assess the security of web applications, mobile applications, and other software systems.
    • Identify vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
    • Test authentication mechanisms, authorization controls, and data validation processes.
  4. Social Engineering Testing:

    • Simulate social engineering attacks to evaluate employee awareness and susceptibility.
    • Test phishing, pretexting, and other social engineering techniques.
    • Identify vulnerabilities in STCBank’s social engineering defense mechanisms.
  5. Wireless Network Assessment:

    • Evaluate the security of wireless networks, including Wi-Fi and Bluetooth.
    • Identify vulnerabilities in access points, encryption protocols, and authentication mechanisms.
    • Assess the effectiveness of wireless intrusion prevention systems (WIPS).
  6. Cloud Security Assessment:

    • Assess the security of cloud-based infrastructure and applications.
    • Identify vulnerabilities in cloud platforms, virtual machines, and storage systems.
    • Evaluate the effectiveness of cloud security controls and best practices.
  7. Vulnerability Scanning:

    • Conduct regular vulnerability scans to identify and address security weaknesses.
    • Use automated scanning tools to identify known vulnerabilities and prioritize them based on risk and severity.
  8. Reporting and Recommendations:

    • Provide detailed reports outlining findings, recommendations, and remediation strategies.
    • Clearly communicate the severity of identified vulnerabilities and their potential impact.
    • Offer guidance on implementing security measures to address identified risks.
  9. Ongoing Support:

    • Provide ongoing support and assistance with implementing recommended security measures.
    • Be available for consultation and advice on cybersecurity matters.

Qualification and Experience Requirements:

  • 5-10 years of experience in providing cybersecurity vulnerability assessment and penetration testing services to financial institutions, preferably banks in Saudi Arabia.
  • Bachelor’s degree with industry-proven certifications like CEH, OSCP, eJPT, etc.
  • Proven track record of successfully helping organizations achieve compliance with relevant cybersecurity regulations.
  • Deep understanding of the SAMA Cybersecurity Framework, NCA Cybersecurity Requirements, PCI DSS, and GDPR.
  • Strong working knowledge of cybersecurity best practices and frameworks such as NIST Cybersecurity Framework.
  • Ability to assess and identify potential cybersecurity vulnerabilities within a banking environment.
  • Excellent communication, collaboration, and project management skills.

About Acuative

Leveraging a powerful combination of expertise, round-the-clock availability, and extensive technical resources, Acuative simplifies the entire process of managing your technology. We specialize in delivering service-focused technology solutions for the enterprise, service provider, financial, retail, and public sector markets.