Penetration Tester - Ethical Hacker - Web Application Tester
£450 - £600
* Real-world cyber security testing of products, services and systems across the organisation. Adopting a red team approach, working across traditional scope boundaries to find the real risks to our information and people, and probing our defensive mechanisms to see how they react.
* Communication of team findings to stakeholders in a clear and actionable fashion, focussing on real-world impact and with pragmatic options for resolution.
* Development and implementation of tools and techniques to automate as much of the team's 'basic' work as possible, providing continuous assurance that systems are protected against common threats.
* Developing and mentoring junior Red Team members to improve their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to help build a culture of cyber security in the department.
Skills and Experience
- Good penetration testing skills relevant to red team activities, such as:
* Social engineering
* Open source intelligence analysis and assessments
* Infrastructure penetration testing
* Web application penetration testing
* Mobile application penetration testing
- Strong knowledge of the security of Windows and Linux operating systems, networking and related technologies, including how they are deployed at scale in complex legacy environments.
- Experience with common security tools, including Nmap, Metasploit, Kali Linux, Nessus, Burp Suite Pro, etc., for offensive security testing of real-world networks and services.
- Enabling and informing risk-based decisions: works with risk advisors to advise and give feedback, advises on risk impact, proposes realistic and pragmatic mitigations that address these problems, and works with the product / project team to implement these effectively into their work.
- Research and development experience, building and automating common red team processes and activities.
- Knowledge of security architectures, in particular for modern digital services, including how they are developed and operated at scale.
Ideally the candidate will be/have
- CHECK Team Leader (Web)
- Will accept (in order of preference):
* CHECK Team Leader (Inf)
* CHECK Team Member
- SC clearance
- At least 5 years' experience
* Will accept 3 or less if the candidate can prove he/she has the requisite knowledge and skillset
Other helpful search terms:
- CREST Certified Tester (CCT)
- CREST Certified Infrastructure Tester
- CREST Certified Web Application Tester
- CREST CRT (CREST Registered Penetration Tester)
- Tiger Scheme QSTM
- Tiger Scheme SST