OnePoint HR and Management Consultants

Job Detail

Technical Assessment Consultant (Penetration tester) - Muscat

Information Technology




Job Description:

This role is challenged with the responsibility of identifying, triaging, filtering, and documenting vulnerabilities and threats across the enterprise and working with business unit partners to harmoniously resolve security matters. In addition, this role will be responsible for the continued production, support, implementation, and tracking of vulnerability management, penetration testing activity, and logging and event management workflows. The chosen candidate for this role will also be tasked with aiding in the creation of a comprehensive threat intelligence program and thus responding, if necessary, to events/incidents on a timely basis. This position will also have operational responsibility in the disciplines of incident response while advancing the program development of key risk and performance indicators in support of compliance metric tracking and reporting procedures.


  • Work with sensitive and confidential information while maintaining the highest level of confidentiality, professionalism, and ethics
  • Ensure consistent evaluation of scan results, identifying immediate threats and assessing risk and corrective action for a large volume of assets using an established information security assessment methodology
  • Proficiency working with both internal and external partners to calibrate security toolsets while documenting security processes, procedures, and findings
  • Triage and filter scan results of web application, database, network and system security assessments to identify, research and eliminate false positives and other redundancies to ensure reporting of only relevant threats and risks to the enterprise
  • Employ use of automated tools or manual assessment techniques to determine validity of findings and emerging threat vectors
  • Identify anomalies or patterns in vulnerability scan, penetration test, and logging and event management results that may point to pre-incident indicators or ineffective processes, procedures, and standards; recommend and communicate findings, both in written reports and in presentation format, to the Information Security Team and business unit partners
  • Demonstrate to asset owners a proof of concept validating the exploitability of a vulnerability, and explain the threat in a manner that all levels of the corporation can understand
  • Review security advisories, assess their risk, relevance, and priority, and communicate findings to clients
  • Understand and communicate attack chains to management and other stakeholders
  • Develop dashboards and reporting that highlight the effectiveness of risk mitigation over time
  • Other security-related projects that may be assigned according to skills


Required Qualifications:

  • Strong ethics and understanding of ethics in business and information security
  • Minimum of 6+ years of experience in the Information Security discipline supporting large enterprise vulnerability management, penetration testing, and event logging programs
  • Assist with incident response and potential breach activities, on a 24x7 schedule, only if necessary
  • Proficient in analysing and validating scan results, with knowledge of the OWASP Top 10 and SANS Top 25 and how to effectively remediate vulnerabilities associated with each
  • Working knowledge of the NIST Technical Guide to Information Security Testing and Assessment and of security tools (e.g., Nessus, Qualys, Rapid7 Nexpose, Metasploit, WebInspect, AppDetective, nmap, Kali Linux, amongst others)
  • Excellent communication, collaboration, and strong project management skills
  • Nessus Certified Professional will be preferred


Additional Skills:

  • Experience in incident response procedures and investigations
  • Experience with vulnerability, malware, penetration and web application vulnerability scanning tools
  • Writing and developing clear and easily understood reports, metrics, scan schedules
  • Ability to work collaboratively and across all business units and levels of the organization
  • Ability to track and manage large data sets, and to track identified vulnerabilities and action items to a state of documented resolution


