Enable job alerts via email!

Cyber Security Tester (Telecom – Core BSS/OSS)

Thirdeye It Consulting Services (Pty) Ltd

Johannesburg

On-site

ZAR 40 000 - 60 000

Full time

9 days ago

Job summary

A leading IT consulting firm is looking for a Mid-Senior Cyber Security Tester to perform offensive and defensive security testing across telecom BSS/OSS. The successful candidate will manage testing processes, work closely with various teams, and ensure compliance with security standards. The role requires extensive experience in cyber security and testing telecom systems. This is a contract position based in Johannesburg or as remote-offshore in India.

Qualifications

  • 5-8 years of experience in cybersecurity testing.
  • Hands-on experience with telecom BSS/OSS systems.
  • Familiarity with cyber security frameworks and standards.

Responsibilities

  • Conduct penetration and resilience testing of BSS/OSS components.
  • Perform configuration and hardening reviews for various systems.
  • Validate defensive security measures against threats.

Skills

Hands-on testing of core telecom BSS/OSS data flows
Strong grasp of Diameter, SIP/IMS, GTP, SS7/SIGTRAN
Vulnerability management end-to-end
Scripting for automation/PoCs
Frameworks/standards: OWASP ASVS, NIST CSF/800-53
Job description
Overview

Role: Mid–Senior Cyber Security Tester (Telecom – Core BSS/OSS)

Experience Range: Mid-Senior(5-8 years)

Job Location: JHB, South Africa(Onsite)/ PAN India(Remote-Offshore)

Job Type: Contract

Role summary

Own offensive + defensive security testing across telecom core BSS/OSS (CRM, Billing/Charging, Mediation, Order Mgmt, Provisioning/Orchestration, Inventory, ESB/Message Bus, NMS/EMS). Plan and execute risk-based tests, embed controls in CI/CD, and validate the effectiveness of our cyber solutions. Work closely with BAs, architects, DevOps, and operations.

Key responsibilities
  • Penetration & resilience testing of BSS/OSS components, interfaces, and system integrations (mediation flows, bus topics/queues, TMF Open APIs, batch jobs, inter-system file drops, SFTP, SNMP/NetConf southbound).
  • Configuration & hardening reviews for app servers, DBs, middleware, K8s/containers, and network elements; verify least-privilege, secrets handling, and encryption in transit/at rest.
  • Defensive validation: exercise SIEM/XDR use-cases, WAF/reverse proxies (where applicable), IPS/IDS rules, and alert fidelity mapped to MITRE ATT&CK; purple-team style simulations.
  • Secure SDLC & CI/CD: define gating policies; integrate SAST/DAST/SCA, IaC and container scans; automate regression security checks in pipelines (GitLab/Jenkins/Azure DevOps).
  • Governance & reporting: produce clear test plans/reports with risk ratings (CVSS), reproducible steps, and pragmatic remediation guidance; track closure against SLAs.
Must-have skills
  • Hands-on testing of core telecom BSS/OSS data flows, batch and near-real-time integrations, role/entitlement models, and file/API gateways.
  • Strong grasp of Diameter, SIP/IMS, GTP, SS7/SIGTRAN (reading traces), plus SNMP/NetConf, TLS/mTLS, PKI.
  • Vulnerability management end-to-end; log/telemetry analysis (SIEM) and incident support.
  • Scripting for automation/PoCs (Python/Bash; PowerShell nice).
  • Frameworks/standards: OWASP ASVS, NIST CSF/800-53, ISO 27001, basic TM Forum security considerations.
Seniority level
  • Mid-Senior level
Employment type
  • Contract
Job function
  • Engineering and Information Technology
  • Industries
  • IT Services and IT Consulting
Get your free, confidential resume review.
or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.
TrustpilotImage showing a rating of 4.5 out of 5 stars on Trustpilot for JobLeads, indicating a high level of customer satisfaction.
Rated “Excellent” based on 18,710 reviews