Grey bar Blue bar
Share this:

Mon, 3 Nov 2014

Are you the intern we've been looking for?

intern


 


We're looking for an intern to join our newly formed 'Innovation Centre' arm of SensePost/SecureData. Have a read below for some more information, and drop us a mail if you're interested or would like some more info (glenn@sensepost.com).




The purpose of the Innovation Centre is to offer an incubation hub through which new ideas, concepts and other technical and business innovations can be collected & captured and then rapidly described, prioritised researched, prototyped, tested, advocated and transitioned into the business.


About the Intern Position:


The ideal candidate should have a computer science or similar background, but equivalent work experience or self taught candidates will also be considered. The following specific requirements are required:


* Familiarity with at least one scripting language, preferably Python
* Fundamental understanding of networking
* Linux experience
* A positive attitude with a capable problem solving capabilities


The following points would be seen as a bonus:
* Strong computer science degree
* Industry experience (e.g. holiday internship).
* Web development capabilities
* Security knowledge / experience
* Experience with embedded or similar systems (e.g. Pi, Arduino, etc)


Whilst SensePost is an information security company, this specific internship does not directly relate to an info-sec position, but the projects worked on will relate to info-sec. The internship is for placement in the Innovation Centre. Day to day tasks are likely to include:


* Writing PoC scripts
* Providing support to InnoCentre analysts (e.g. writing Maltego plugins, debugging issues, testing new hardware/software).
* Liaising with partners/clients

Fri, 27 Jun 2014

The SensePost Academy: Wrecking Balls

There is a serious skills shortage in our industry. There are just not enough skilled hackers out there to fill all the open positions. In November of last year, I proposed a new approach for us at SensePost to address these concerns. I looked at what we could do as a company to ensure the next generation of hackers were being educated correctly (no, it's not about how you use a tool) and moulded into what we, at SensePost, perceive to be good penetration testers.


I termed this the SensePost Academy and it is a structured training programme for all new recruits looking at a life at SensePost in the Assessment team. It is a combination of basic technical + offensive attack approaches and client interaction skills that provide an excellent stepping stone for those looking at starting a career as a penetration tester. The academy runs for a period of six months, finishing with a final culminating exercise (CULEX) before the decision is made to accept the recruit into the assessment team as an unmonitored penetration tester. The SensePost Academy Review Board (SARB) oversees each recruit and is responsible for grading and testing the recruit on each phase, in addition to mentoring (or should that be tormenting?) them.


Interviews were performed, we wanted the right recruit and had to turn down a lot of people in the process, but we did find two gentlemen, and as a team, decided on our first ever recruits:


wreckingballs
On their first day, we reminded them that they were recruits and as a result, needed a special theme tune:



This theme tune would be played whenever they were addressed and as often as possible.


Over the past six months, they've been on many training courses internally, been shown the ways of the pwnage by the assessment team, presented at conferences and also developed and broken applications. Each phase was carefully monitored by the review board to ensure they were being moulded into a form we felt was right.


Finally, the CULEX week was upon us. A client application assessment (fictitious German company) and client feedback meeting. No hand holding, just perform the test like you've been shown and don't mess up.


After making them sweat, we took a vote this morning and I'm happy to welcome both Johan and Dane to our assessments team as Junior penetration testers.


If you think you'd be a good addition to the next academy intake, we've love to hear from you. Tweet us on @sensepost or email us at jobs@sensepost.com

Fri, 7 Jun 2013

Technical Project Manager Role

As SensePost grows, so does our desire to ensure a healthy balance between technical savvy and organisational skills. As a result, we are on the lookout for a Technical Project Manager based in our Pretoria office in South Africa.


Job Title: Technical Project Manager
Salary Range: Industry standard, commensurate with experience
Location: Pretoria, South Africa


About the role


  • Define and implement Project workflows for various service lines.

  • Architect , source and implement a project management system that includes real-time, accessible scheduling system.

  • Technical project scoping. (can grow into this responsibility over time)

  • Lead the planning and implementation of project

  • Facilitate the definition of project scope, goals and deliverables

  • Define project tasks and resource requirements

  • Develop fullscale project plans

  • Assemble and coordinate project staff

  • Manage project budget

  • Manage project resource allocation

  • Plan and schedule project timelines

  • Track project deliverables using appropriate tools

  • Provide direction and support to project team

  • Drive quality assurance process

  • Constantly monitor and report on progress of the project to all stakeholders

  • Present reports defining project progress, problems and solutions

  • Implement and manage project changes and interventions to achieve project outputs

  • Project evaluations and assessment of results


Education and Experience

  • Qualification in project management or equivalent

  • Knowledge of both theoretical and practical aspects of project management

  • Knowledge of project management techniques and tools

  • Direct work experience in project management capacity

  • Proven experience in people management

  • Proven experience in strategic planning

  • Proven experience in IT, with security being an advantage

  • Proven experience in change management

  • Proficient in project management software


Key competencies

  • Critical thinking and problem solving skills

  • Planning and organizing

  • Decision-making

  • Communication skills

  • Influencing and leading

  • Delegation

  • Team work

  • Negotiation

  • Conflict management

  • Adaptability

  • Stress tolerance


This role is open to South African citizens only, or those in possession of a valid South African work visa only. Please send your CV to jobs@sensepost.com

Mon, 4 Mar 2013

Vulnerability Management Analyst Position


Have a keen interest on scanning over 12000 IP's a week for vulnerabilities? Excited about the thought of assessing over 100 web applications for common vulnerabilities? If so, an exciting, as well as demanding, position has become available within the Managed Vulnerability Scanning (MVS) team at SensePost.


Job Title: Vulnerability Management Analyst


Salary Range: Industry standard, commensurate with experience


Location: Johannesburg/Pretoria, South Africa


We are looking for a talented person to join our MVS team to help manage the technology that makes up our Broadview suite and, more importantly, finding vulnerabilities, interpreting the results and manually verifying them. We are after talented people with a broad skill set to join our growing team of consultants. Our BroadView suite of products consists of our extensive vulnerability scanning engine, which looks at both the network-layer and the application layer, as well as our extensive DNS footprinting technologies.


The role of the Vulnerability Management Analyst will possess the following skills:


  • Be able to multitask and meet client deadlines. We want a person that thinks 'I can do that!'

  • Possess excellent written and oral communication skills. Being able to understand a vulnerability and explain it to business leaders is a must.

  • A working knowledge of enterprise vulnerability management products and remedial work flow

  • A broad knowledge of most common enterprise technologies and operating systems

  • A passion for security and technology


Some additional conditions:

  • A post graduate degree or infosec certification would be beneficial, however, showing us you have the passion and skills also helps

  • This job requires some after-hours and weekend commitments (we try to keep this to a minimum)

  • Bonus points for knowledge of sed, awk and python, ok even ruby.

  • PCI-QSA is desired but not required


Impress us with your skills by sending an email to jobs@sensepost.com and lets take it from there.


SensePost is an equal opportunity partner.

Sat, 2 Mar 2013

IT Network Packet Wrangler


As we grow and operate on a number of continents, so does our dependence on a rock-solid IT infrastructure. We are expanding our repertoire to include a greater collection of Linux/Open Source/Windows and OS X products. With this, we are on the look-out for a rock star to wrangle control of our internal networks, external cloud infrastructure and help us us utilise technology in a way to make us even better.


Job Title: IT Network Packet Wrangling Penguin Master


Salary Range: Industry standard, commensurate with experience


Location: Johannesburg/Pretoria, South Africa


Real Responsibilities:


  • Managing a growing internal network, both in ZA and UK and increased cloud-based infrastructure

  • Championing the adoption of new technologies, ways of working and being incredibly excited about security. Yes, we like that type of person who scoffs at the idea of using a plain-text protocol


As a system / network administrator your daily duties and responsibilities will include:

  • Providing day-to-day Desktop, Server and Network administration, including helping plakkers (the name we give to all who work at SensePost) with their devices

  • Be capable of using a variety of operating systems

  • Ensuring our disaster recovery plan is working as it should

  • Being the go to person to all those who require assistance with their IT

  • Maintaining and administer the telecommunications system

  • Administering the network to ensure that the systems in place run effectively and securely (we are, after all, a security company!)

  • A real passion for finding technology led solutions to problems.

  • Be excited about Unix firewalls, Cisco routers, wrangling network packets, VPN tunnelling and Wi-Fi

  • Able to hold a conversation and smile when mentioning SMTP/HTTP/IMAP/Python


Not essential, but bonus points for:

  • Actually getting a linux laptop to use an overhead projector, without resorting to swear words in Spanish and Afrikaans

  • Administering a Windows server without complaining, at all, not once, in fact, you actually kinda enjoy it.

  • Being really passionate about security and showing it doesn't have to get in the way of working productively.


If the above has got you thinking 'weird, it's like they are talking to me bru!' then we want to hear from you. Send us a carrier pigeon message or send us a mail