• Login Name       Password       Remember me       LOGIN LOGIN    FORGOT PASSWORD


Head: Red Team and Penetration Testing

Job Ref
Job Type
Employer Type
Date Added 3 Jul 2017
Expiry Date 31 Jul 2017
* There have been 3 applications to this job.
* This job has been viewed 1967 times.
Standard Bank


Market related


Role details:
Job purpose description

The Head: Red Team and Penetration Testing is to provide technical and management expertise required to carry out internal and external ethical hacking exercises. Coordinate with other departments and teams to evolve IT Security alignment with Standard Bank’s goals and objectives. Contribute and participate in all stages of a RedPenetration testing team exercises including planning, recon, exploitation, post-exploitation, clean up and support on remediation.
- - - - - - - - - - - - - -
Key Responsibilities
Leadership of the development, provisioning and successful execution of the information Security Strategy and Integration across the Standard Bank Group.
- Responsible for conducting high risk and sensitive ethical hacks of internally and externally hosted applications across the group and according to scope defined by the businessInformation Security Officer;
- Responsible for coordinating and executing system/network level advanced red team and ethical hacking exercises;
- Ensure that staff are able to work outside normal hours (e.g. late nights, weekends etc.) as required for the successful and covert execution of Red team exercises;
- Ensure that the Red team designs and develops scripts, frameworks and tools required for facilitating and executing complex undetectable attacks;
- Responsible for providing severity ratings of red team or penetration testing results outcomes to ensure appropriate remediation actions are applied;
- Responsible for ensuring that penetration tests are performed within timeline and remediation testing & reporting through the application of expert ethical hacking and penetration techniques in a demanding, fast-paced and highly technical environment;
- Responsible for identifying network and system vulnerabilities and provide recommended counter measures or mitigating controls to reduce risk to an acceptable and manageable level;
- Ensures accurate and timely reporting of findings and proposed remediation and mitigations from the team;
- Must provide technical support to Heads of Cyber Security and IT Security in identifying new/existing tools used by the Red and Penetration Testing teams;
- Technical support could include, but not limited to the following: (1) Audit support & remediation, (2) Process Improvement, (3) Analysis & Reporting, (4) Cross Divisional Functional education, training and awareness, (5) Function/Methodology/Strategy advancement;
- Ensure that agendas for training and educating developers andor security professionals on advanced exploits, tools and best practice frameworks are defined;
- Ensure that security assessment services are delivered including network scanning, vulnerability testing, penetration testing, search engine reconnaissance, and support with incident response;
- Assess information security risks associated with both new and existing web, thin-client, and full-client applications in addition to risks in networks and systems;
- Review both commercial and open-source tools to enhance Standard Banks security testing labs;
- Cross-train fellow security team members (architects, analysts, and engineers) on the latest tools and techniques;
- Manage relationships with suppliers that provide services to the bank aligned to Red Team and Penetration Testing.

Doing research on current possible information security threats that could impact the bank

- Develop methods and tools to support an integrated Cyber Security team;
- Review new and emerging exploits and vulnerabilities, and understand how to exploit and defend against them;
- Knowledgeable with interpreted and compiled programming languages;
- Possess a strong understanding of software development methodologies and reverse engineering;
- Perform research on emerging technologies and design frameworks in order to identify vectors of compromise and develop appropriate countermeasures to detect or prevent such weaknesses;
- Strong understanding of visualisation techniques, especially ‘big data’, for pattern analysis purposes.
- Requires comprehensive knowledge and mastery in assigned areas applying skills and competencies in challenging and complex situations.
- Guide the business and appropriate IT executives on the selection of appropriate IT controls in order to combat cyber-security threats leading to fraud;
- Build capability to produce a team that is able to master at least one technology domain and solid working knowledge of at least one other. For example, web applications, system exploitation, network based attacks, Reverse engineering, Mobile security etc.
Reporting to Stakeholders

- Coordinate Red team operational briefings and presentations to Information Security Officers, non-technical audiences and executive management;
- Produce metrics for use by the Risk Management team to identify key improvement areas and to prioritize projects.


- Participate in attracting resources through following and adhering to the recruitment practices. Through collaboration with the Resourcing Manager/Consultant and or Human Capital Business Partner build a pipeline for critical roles in your business area.
- Ensures the effective selection of staff by matching the skills and competencies to the requirements of the job, by following the recruitment policies and procedures.
- Ensures skills assessments and competency-based training takes place as and when required.
- Collaborate with Resourcing Manager/ Consultant and plan the on-boarding process for new entrants. Arrange, allocate and provide IT equipment, desk, telephone, parking and systems access to all required systems for new entrants and transfers into your department.
- Develop and cascade Performance Management goals/contracts and Development plans with all subordinates in line with Group standards and timelines.
- Ensure team’s goals are captured and updates on system are completed as per Group timelines.
- Follow the poor performance process when required in accordance with Group policies and timelines. Consult with Human Capital Business Partner for support with the Poor Performance or Wellness situations.
- Host team meetings on a monthly or as frequently as required and communicate strategy and business communications to team.
- Follow the Disciplinary & Grievance procedures and adhere to specified requirements as laid out in the policies of the bank.
- Execute Talent Management practises, such as having career discussions, participating in a talent review and following through on agreed activities. Participate in Talent Management initiatives/ practises as required by Group.
- Responsible for the retention of relevant skills in order to meet the business needs.
- Responsible for inspiring, motivating, leading and managing the allocated team Responsible for inspiring, motivating, leading and managing the allocated team.
- Develop and manage a Succession plan for your area, ensuring that the succession plans are updated on an annual basis.
- Takes personal responsibility for coaching and mentoring others.
- Effectively delegates authority and responsibility, in line with business objectives, to ensure the empowerment, motivation and effectiveness of all direct and indirect reports.
- Promotes a culture where the values of the Bank are seen to be ‘alive’.
- Ensures the implementation of the leadership competencies and employee engagement programmes (e.g. OHI).
- Partner with Human Capital Partner to facilitate and co-create Occupational Health Index (OHI) planner with team. Participate in executing the OHI planner to ensure culture is enhanced.
- Collaborate with Learning and Development consultant and or Human Capital business partner in creating and executing a learning and development planner for your business area.
- Ensure employees execute all compliance training within the Group timeframes.
- Consult with learning and development consultant on needs not listed in Standard bank Group catalogue.
- Ensure all training plans agreed with employees are executed.
- Prepare and participate in annual Reward practises in accordance with Group policies, guidelines and timelines.
- Utilize recognition programmes in accordance with Group policies, practises, guidelines and timeframes thereby ensuring that staff are appropriately and consistently rewarded and recognised for their achievements and outputs.
- Fosters the transformation of the workplace and supports business in the achievement of the undertakings in the transformation scorecard.
- Action Exit process in accordance with Group policies, practises, guidelines and timeframes.
- Ensure that all systems access has been revoked on the agreed timeline of the termination of contracts as well as retracting all Standard Bank equipment (including cards, keys, etc).
- Manage sick leave and overtime reports and take corrective action where appropriate, alternatively collaborate with Human Capital Business Partner to assess risks and remedial action.
- Action and manage the Occupational Health and Safety procedures and report incident according to Group policies, procedures and timelines.
- Complete the Compensation Occupational Injury and Disease documentation in accordance with Group


IT and Computer Sciences Degree


Job Function: Information Technology
Job Family: Information Risk Management
Years: 5-7 Years
Experience Description: Must have experience and be very proficient with the common tools associated with security operations e.g. proxy technologies, log management and correlation solutions. Must have a solid understanding of voice and data networks, major operating systems, active directory, and their associated peripherals. Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors. Must be able to both work independently as well as effectively work in teams with individuals with a variety of skills and backgrounds)

Job Function: Information Technology
Job Family: Information Risk Management
Years: 5-7 Years
Experience Description: Ability to effectively code in a scripting language (Python, Perl, etc). Experience performing hands on analysis of IT and IT Security system to determine technical root cause and remediation of control weaknesses.

Job Function: Human Capital
Job Family: People Management
Years: 5-7 Years
Experience Description: Demonstrates solid knowledge and ability, and can apply the competency with minimal or no guidance in the full range of typical situations

Job Function: Information Technology
Job Family: Business Partnering
Years: 3-4 Years
Experience Description: Experience working with individuals and teams from diverse cultures

Job Function: Business Support
Job Family: Business Partnering
Years: 3-4 Years
Experience Description: Confident English written and verbal communication skills and experience discussing incident resolutions

Behavioural Competencies

Competency Label: Developing Strategies
Competency Description: This competency includes facets of behaviour such as being visionary, focused on problem solving, and establishing effective plans that take into consideration long-term aspects. This competency also includes the need for individuals to focus on identifying trends.

Competency Label: Interpreting Data
Competency Description: This competency is about interpreting data accurately with an emphasis on the processing and interpretation of numbers. This competency also includes the utilisation of technology.

Competency Label: Convincing People
Competency Description: This competency is about bringing others over to your point of view. The emphasis in this competency is on being persuasive and taking a negotiating approach. In addition, “Convincing People” focuses on individuals being able to shape others’ opinions

Competency Label: Resolving Conflict
Competency Description: This competency is about effectively dealing with disagreements and conflict in the workplace. In order to demonstrate being competent at resolving conflicts in the workplace, individuals are expected to demonstrate that they are able to effectively handle angry individuals and emotionally charged situations.

Competency Label: Team Working
Competency Description: This competency is about working well in a team. In order to develop this competency, individuals are encouraged to acknowledge the views and contributions of others, and to involve others in decision-making.

Competency Label: Providing Insights
Competency Description: This dimension is about providing insight with regards to aspects that are likely to have an impact on the organisation. It is about making it clear to others what the implications of internal and external organisational environmental factors and processes are on the competitive position of the organisation. “Providing Insights” should be done with a focus on improving the situation.

Technical Competencies

Competency Label: General Administration
Competency Description: The ability to effectively and efficiently manage business related data in an accurate manner, through the application of various technologies
Proficiency Level: SEASONED - Applies concepts without requiring supervision, able to provide technical guidance when required

Competency Label: Communication Skills
Competency Description: Ability to express ideas by means of clear and effective writing, in order to support professional communication internally within the Bank and externally.
Proficiency Level: SEASONED - Applies concepts without requiring supervision, able to provide technical guidance when required

Competency Label: Staff Administration
Competency Description: Knowledge and understanding of the payroll system, benefits and payment terms of employees and the ability to process these items correctly on the payroll system.
Proficiency Level: PROFICIENT - Clear knowledge and application of the concept

Competency Label: Control Evaluation
Competency Description: The ability to analyse process controls for effectiveness from a design and implementation perspective
Proficiency Level: PROFICIENT - Clear knowledge and application of the concept

Competency Label: Audit Process
Competency Description: Ability to summarise results of audit reviews into findings and recommendations for utilisation by management.
Proficiency Level: PROFICIENT - Clear knowledge and application of the concept

Competency Label: Audit Process
Competency Description: The ability to assess governance and control frameworks against the appropriate risk appetite and enhance the risk management culture in line with the organisational objectives.
Proficiency Level: PROFICIENT - Clear knowledge and application of the concept

Leadership Competencies

Competency Label: Leading Courageously
Competency Description: Believing in one’s self, own judgement, skills and experience, and using this self-confidence to challenge others for the benefit of Standard Bank.
Proficiency Level Description: Has confidence to bring conflict into the open to be resolved; Is able to confront others (peers, boss, etc.) or brings disagreement into the open with the purpose of resolving it, landing on a decision, to ensure action. Is open and honest when communicating with others (''straight talk''). Challenges popular values, decisions and opinions to ensure that actions are taken in the Bank's best interest. Takes action in defiance of corporate rules and procedures for the greater good of the business and its stakeholders. Accepts personal risks and/or consequences of failure and persist in the face of opposition or fear.

Competency Label: Aligning Business to Strategy
Competency Description: Understands the line-of-sight between strategy and organisational implementation. Translates the organisational strategy into specific decisions and actions to ensure the strategy implementation. Aligns resources to effectively execute against the strategic direction.
Proficiency Level Description: 2 Aligns resources and structure to strategy; Adjusts resources, roles, job structures, accountabilities, processes, systems, etc. to ensure organisational alignment.

Competency Label: Influencing Others
Competency Description: Effectively and strategically influences across the organisation, based on previously established credibility and respect, as well as understanding the organisational dynamics, politics and interpersonal context.
Proficiency Level Description: 1 Knows who needs to be part of the influencing strategy; Knows who the key stakeholders are for a given situation and key people to influence. Includes understanding who is likely to support or resist the initiative, and why