Scope of Work and Key Responsibilities
Given the standalone nature of this role, the Specialist must be highly self-motivated, capable of deep technical execution, and skilled at prioritizing high-risk areas.
Heavy Penetration Testing & Offensive Security (Core Focus)
- Conduct regular, in-depth, hands-on penetration testing on the MoF’s internal/external networks, web applications, APIs, mobile applications, and critical financial systems.
- Perform advanced manual testing to identify complex vulnerabilities (e.g., business logic flaws, authentication bypasses, injection attacks) that automated scanners miss.
- Conduct social engineering and phishing campaigns to test the human element of the MoF’s security posture.
- Vendor Management: While executing continuous internal pen-testing, design the scope for and manage external third-party vendors for comprehensive, enterprise-wide annual penetration tests.
Vulnerability Management & Remediation
- Deploy, configure, and manage automated vulnerability scanning tools across the MoF’s infrastructure.
- Analyze scan results, filter out false positives, and prioritize vulnerabilities based on the specific threat landscape of the financial sector.
- Work directly with system administrators, network engineers, and application developers to verify and validate the remediation of identified flaws.
Foundational Security Monitoring & Incident Response
- Design, implement, and manage a centralized log management and basic SIEM (Security Information and Event Management) solution.
- Act as the primary (Tier 1, 2, and 3) Incident Responder. Investigate security alerts, contain breaches, eradicate threats, and recover systems during a cyber incident.
- Develop and maintain automated alerting rules to notify the Specialist and ICT management of critical security events.
Security Architecture & Automation
- Advise the ICT Directorate on secure architecture for new financial systems and network expansions (Security by Design).
- Develop scripts and automate repetitive security tasks (e.g., using Python, Bash, or PowerShell) to maximize efficiency and scale security efforts without additional headcount.
Key Deliverables
- Penetration Testing Reports: Comprehensive, technical, and executive-level reports following every internal penetration test, including proof-of-concept exploits and step-by-step remediation guides.
- Vulnerability Dashboard: A continuously updated, automated dashboard showing the MoF’s vulnerability posture, aging of critical vulnerabilities, and remediation SLA compliance.
- Incident Response Plan (IRP): A documented and tested IRP tailored for a standalone responder, including clear escalation matrices to external law enforcement or emergency IT support.
- Security Monitoring Baseline: Successful deployment and tuning of a centralized logging/SIEM solution with active alerts for critical financial systems within the first [6 months].
- Quarterly Security Posture Report: An executive summary for the Director of ICT detailing the threat landscape, tests conducted, critical risks discovered, and remediation progress.
Reporting and Coordination
- Direct Reporting: Reports directly to the Director of ICT.
- Internal Coordination: Works closely with Network Administrators, Database Administrators, and Software Developers to ensure vulnerabilities are patched without disrupting critical treasury operations.
- External Coordination: Acts as the technical point of contact for external penetration testing firms and managed security service providers.
Qualifications and Experience
Education:
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a closely related field.
Experience:
- At least seven (7) years of progressive, hands-on professional experience in Cybersecurity, with a heavy emphasis on technical execution rather than pure management.
- Minimum of three (3) to four (4) years of dedicated, hands-on experience specifically in Penetration Testing and Offensive Security.
- Proven experience conducting pen tests on complex environments, specifically web applications, APIs, and network infrastructure.
- Experience operating as a standalone security practitioner or building security programs from scratch is highly desirable.
Certifications:
- Mandatory (Offensive Security): Must hold a highly respected, practical penetration testing certification such as:
  - OSCP (Offensive Security Certified Professional) - Highly Preferred
  - OSEP (the certification awarded for the PEN-300 course) or OSWE.
  - Alternatives: CEH (Certified Ethical Hacker) or CompTIA PenTest+ (only if accompanied by strong, proven practical experience).
- Desirable (General/Defensive): CISSP, CISM, or BTL1 (Blue Team Level 1) to complement the offensive skills with governance and defensive knowledge.
Required Skills and Competencies
Technical Skills (Heavy Offensive Focus):
- Expert-level proficiency with penetration testing frameworks and tools (e.g., Burp Suite Professional, Metasploit, Cobalt Strike, Nmap, Nessus, SQLmap).
- Deep understanding of the OWASP Top 10, the CWE/SANS Top 25 Most Dangerous Software Weaknesses, and advanced exploitation techniques.
- Strong scripting and automation skills (Python, Bash, PowerShell) to write custom exploits, automate scanning, and parse logs.
- Solid understanding of defensive security and network protocols, and the ability to configure and tune log aggregation/SIEM tools (e.g., Splunk, ELK, Wazuh) so that a single analyst can operate them effectively.
Soft Skills:
- Self-Starter & Time Management: Ability to work independently, prioritize tasks ruthlessly, and manage time effectively without direct supervision.
- Technical Translation: Ability to explain complex, highly technical exploitation chains to non-technical financial executives and translate them into business risks.
- High Integrity: Unquestionable ethical standards.