Reports to: AM IS
Location: Head Office, Islamabad
Penetration Tester shall employ various techniques, tools and approaches on Bank’s digital infrastructures to identify, test and highlight vulnerabilities in the Bank’s Security Posture. The incumbent shall perform comprehensive vulnerability assessment to define, identify, classify and prioritize vulnerabilities in computer systems, applications and network infrastructures. Identification of IOCs and ensuring that they are attended to.
Pen Tester shall facilitate the IT team in resolution of identified vulnerabilities by providing them adequate guidance.
Perform Vulnerability Assessment and Penetration
Testing of SME Bank’s Digital infrastructure.
Create new testing methods to identify
Perform physical security assessments of systems,
servers and other network devices to identify areas
that require physical protection.
Pinpoint methods and entry points that attacker may
use to exploit vulnerabilities or weaknesses. Search
for weaknesses in common software, web applications
and proprietary systems.
Research, evaluate, document and discuss findings
with IT teams.
Review and provide feedback for information security
Establish improvements for existing security
services, including hardware, software, policies and
Identify areas where improvement is needed in
security education and awareness for users.
Be sensitive to corporate considerations when
performing testing i.e. minimize downtime and loss
of employee productivity.
Stay updated on the latest malware and security
Performs all duties and responsibilities as assigned
Knowledge/Skills and Abilities Required
• Comprehensive knowledge of tactics, techniques, and
procedures associated with malicious insider
activity, organized crime/fraud groups and both state
and non-state sponsored threat actors.
• Must be able to critically examine an organization
and system through the perspective of a threat actor
and articulate risk in clear, precise terms.
• Proficiency in Vulnerability Assessment and
Penetration Tools like Metasploit, Burp Suite, Cobalt
Strike, Nessus, Hashcat etc.
• Sound knowledge of networks, major operating systems,
active directory etc.
• Strong computer and analytical skills.
• Creative problem solver, fast learner and challenge-
• Ability to prepare clear and concise documentation.
• Ability to work well with customers and team members.
• Strong verbal face-to-face / phone and written
Education: Bachelors in Computer Science 4yrs. or
Equivalent IT qualification
Experience: One year’s experience in a similar role is a
Certifications: Industry Standard Accreditations will be preferred.
CISM, CISSP, ISO27001, CRISC, CISA, CEH, COBIT, GIAC Security Essentials, SSCP – Systems Security Certified Practitioner, Comp TIA Security & any other emerging etc.
Age Limit: Up to 30 years