Penetration Testing Coordinator (F/M)
Paris 1er Arrondissement (Paris) Sales
Job description
Context of the job
· Deputising for the Security Assurance Team Lead and taking decisions in order to ensure the delivery of a continuous service
· Supporting the Penetration Testing activities by engaging the Pen Test vendors and managing their needs and expectations
· Supporting the AXA internal stakeholders (Asset Owner, Subject Matter Expert) in order to deliver the required (AXA Group Security) Technical Assurance Governance requirements, thus ensuring compliance with Standards
· Managing clarity of Scope and Context by delivering the Transactional Agreement and Prerequisite documentation
· Ensuring identified (and known) risks are managed and vulnerabilities are managed through remediation
· Managing the expectations of all stakeholders (both internal and external) and guiding the same through the Technical Assurance Penetration Testing lifecycle, to conclusion and closure
Job purpose
· Coordinate technical assurance activity e.g. penetration testing, application code review and vulnerability scanning
· Coordinate technical assurance reporting and metrics for internal review
· Liaise with solution engineers, designers and business/system/asset owners for issue resolution
Main tasks
· Collaborate with the internal requestors in order to define the scope and activities related to technical assurance for the Group products
· Schedule and coordinate security testing globally, maintaining relationships with the testing vendors
· Evaluate the audit results for consistency and reporting quality
· Strong skills related to cyber defence, able to assess technical assurance activities
· Evaluate and select vendors with the correct tools and technologies to perform assurance activities
· Accountable for the delivery of directly assigned Penetration Tests
· Accountability for the delivery of assigned Penetration Tests that are to be conducted by approved vendors
· Accountable for the management of assigned Penetration Test vendors
· Ability to work without supervision
Desired profile
Qualifications:
Skills and experiences
· Experience of penetration test tools (Burp Suite, Metasploit, Nmap, Wireshark) and methodologies
· Knowledge of cyber defence best practices, procedures
· Knowledge of ISO27001/1, Information Security Management System & Controls
· A good level of understanding of the principles for Confidentiality, Integrity, Availability and Accountability
· A high level of understanding of Penetration Testing principles, practices and tools
· Experience in information security > 3 years
· Proven experience in delivery, managing and quality assuring technical assurance assessment activity
· Experience in the management of penetration testing providers and the scoping of penetration testing / vulnerability scanning activity
· Experience managing complex stakeholder relationships