Penetration Tester

Are you an experienced Cyber Security professional looking for an exciting challenge? Capitec Bank is seeking a skilled Penetration Tester to join our team in Stellenbosch.

In this crucial role, you will help protect our business from cyber threats by testing applications and processes, identifying weaknesses, and contributing to the development of world-class cybersecurity capabilities.

What You Will Do

As a Penetration Tester, your main responsibilities will include:

• Assessing and testing the security of Capitec Bank’s applications and processes.
• Identifying potential security vulnerabilities and weaknesses.
• Helping to build and enhance the bank’s cybersecurity defenses through knowledge sharing, education, training, and research.

Who We Are Looking For

Minimum Requirements:

• Experience: 3 – 5 years in cyber security testing, with a focus on risk identification and communication.
• Education: Grade 12 National Certificate / Vocational AND a Certification in Information Technology.

Ideal Requirements:

• Experience: 5+ years in cyber security testing, with 2-3 years in financial services/banking. Experience with Agile and DevOps models is a plus.
• Education: A relevant tertiary qualification in Information Technology or IT Engineering.

Skills & Knowledge You Need

Essential Knowledge:

• Manual and automated security testing of infrastructure, networks, and web applications/services.
• Technical vulnerability assessments (understanding CVE and CVS databases).
• Applying best practice technical reviews against company and industry standards.
• Familiarity with common network protocols, system architecture, and operating systems.
• Knowledge of logical access reviews and audits.
• Understanding of TTPs/MITRE Attack Framework and the threat landscape.
• Ability to communicate and report risks clearly to the business.
• Proficiency in pen-testing tools (Security distros and intercepting proxy tools).
• Familiarity with vulnerabilities listed in OWASP Top 10 (Web, Mobile, API) and OSSINT.
• Understanding of system architectures (Windows, Unix, Linux, RedHat) and databases (MySQL, MSSQL, Oracle).
• Knowledge of networking protocols, WAFs, proxies, DLP, firewalls, and other perimeter security technologies.
• Ability to read and understand at least one scripting language (e.g., Python, Bash, PowerShell, C/PHP/Java).
• Experience testing web services, mobile, and cloud applications.

Ideal Knowledge:

• Cyber Security Threat modelling and Attack-Path mapping.
• Experience participating in Red-Team/Purple teaming exercises.
• Familiarity with industry regulatory requirements for information security.
• Proficiency in scripting (Python, Bash, PowerShell).
• Reverse engineering of malware/exploits.

Key Skills:

• Excellent Communication Skills
• Computer Literacy (MS Word, Excel, Outlook)
• Strong Attention to Detail
• Analytical and Problem-Solving Skills

Important Conditions of Employment

• A clear criminal and credit record is essential.

Ready to Apply?

If you’re an energetic, self-motivated individual who shares our passion for service in the banking industry, we invite you to apply! Capitec Bank is committed to diversity and employment equity goals.

To apply, please follow these two important steps:

1. First, learn more about life at Capitec and complete a short assessment by clicking here.
2. Once you’ve completed the assessment, finalize your application by clicking the “Apply now” button.