The Cybersecurity Offensive Specialist service:

• Aims to proactively identify and address security vulnerabilities, misconfigurations., and areas with potential for improvement with regards to security by design, thereby enhancing the overall cybersecurity posture and resilience against cyber threats. Additionally, may involve coordination with other members of the defensive team (e.g. Cybersecurity Incident Responders) for sharing information and insights to address security weaknesses and improve the organization’s overall security posture.
• Conducts manual and automated testing to identify vulnerabilities and security weaknesses in the Contracting Authority’s infrastructure, applications, and systems within a defined scope. This includes assessing the effectiveness of security controls and vulnerability management programs in place, analysing the results of assessments, writing reports, and communicating with stakeholders.

Tasks

Candidate will perform the following tasks:

General activities:

• Identifies and addresses proactively security vulnerabilities, misconfigurations and areas with potential for improvement with regards to security by design, thereby enhancing the overall cybersecurity posture and resilience against cyber threats.

Activities:

• Performs vulnerability scans and assessments to determine potential weaknesses, analyses the results of assessments, writes reports and communicates with customers.
• Conducts manual and automated testing to identify vulnerabilities and security weaknesses in an organization's infrastructure, applications, and systems within a defined scope.
• Assesses the effectiveness of security controls and vulnerability management programs in place, analyses the results of assessments, writes reports and communicates with customers.
• Is involved in purple teaming efforts to help drive improvements in security posture or detections.

Specific expertise requirements:

• Vulnerability management tools (e.g. Nessus Tenable, etc.)
• Penetration testing tools (e.g. Burp Suite, etc.)

Skills and expertise

The following specific knowledge, skills and expertise are required for the performance of the above-mentioned tasks:

• Develop and implement comprehensive vulnerability management strategies and advanced penetration testing strategies.
• Conduct in-depth analysis of zero-day vulnerabilities and emerging threats.
• Provide expert guidance on vulnerability mitigation and remediation strategies, detection strategies and risk management.
• Serve as a subject matter expert in vulnerability management and penetration testing.
• Capability to conduct in-depth security assessments, including code reviews.
• Knowledge of advanced threat actor tactics, techniques, and procedures (TTPs).
• Plan and execute complex penetration tests in on-premises and cloud infrastructure.
• Lead discussions with customers or internal teams to understand business context.
• Identify and exploit zero-day vulnerabilities and advanced attack vectors.
• Proficiency in developing custom scripts and tools for vulnerability analysis and penetration testing.
• Provide detection teams sufficient context for collaborative purple team improvement efforts.
• Contribute to the development of vulnerability management and penetration testing policies and procedures.
• Engage in advanced research and development related to vulnerability management and penetration testing.
• Expertise in vulnerability management, penetration testing and ethical hacking.
• Exceptional risk assessment and management skills.
• Strong communication and presentation abilities to clearly present findings in written and oral form, to both technical and non-technical audiences.
• Leadership and mentorship capabilities.
• Thought leadership in penetration testing and cybersecurity.
• Advanced knowledge of compliance standards and regulations.
• In-depth understanding of cloud security and emerging technologies.
• Proficient knowledge of cloud computing concepts and platforms (e.g., AWS, Azure, etc.)