Senior Penetration Tester
Senior Penetration Tester - West London - GBP75k
A British telecommunications company is currently looking for a Senior Level Penetration Tester to join their technical team.
As a Penetration Tester you will play a key role in protecting key information assets as well as being responsible for conducting various security assessments, educating the business on the inherent risks and providing hardening and mitigation strategies.
As a member of the Information Security team, the Penetration Tester will be required to be a thought leader within selected information security practices, have proven experience in development and maintenance of security operations, and have a strong understanding of technology risks with an ability to identify mitigating controls.
• Web-based and mobile application penetration tests
• Network penetration tests
• Logical security audits
• Hands-on technical security evaluations and remediation advice
• Develop subject matter expertise in application security, wireless security or database and development security
Assignments & Skills:
• The ability to perform and manage application security assessments
• Penetration testing
• Data leakage
• Network and system forensics
• Testing the design and effectiveness of security controls of Internet systems, networks and applications.
IS Security is responsible for Threat Assessment and Incident Response for the company's Technology Infrastructure. In addition the team is responsible for the development and compliance maintenance of Policies, Standards and business cases to manage the risks posed to the company technology.
The department is also responsible for ensuring Programme delivery is compliant against these standards and Policies through project consultancy.
• Performing penetration tests and vulnerability assessments on company assets and where necessary 3rd Parties.
• Web Application Penetration Testing - End User Environment
• Performing application security penetration and vulnerability testing against applications.
• Testing a diverse range of Applications, Devices and systems.
• Manual Web App testing for SQL injection, XSS, CSRF, Broken Auth & Session Management, Buffer overflows, OWASP Top 10 etc.
• Mobile Application Security testing of Android & iOS Devices
• Work with developers. Have a direct impact on projects and applications. Identify issues and enhance security.
• Respond to cutting edge threats facing the business.
• Simulate real-life hacking attacks
• Performing research as necessary on reported issues and emerging risks to identify best-practice solutions.
• Recommending and scoping technical solutions not already in place in addressing security vulnerabilities.
• Acting as a coach and mentor to other team members, sharing knowledge associated with tools and practices utilised for data leakage protection, vulnerability assessments, and risk remediation.
• Participate in the leadership and on-going research and development of a penetration testing lab and processes.
• Provide value added, high impact IT and security consulting services to the diverse business.
• 5+ years of experience performing network, web / application and wireless penetration testing including exploitation.
• Technical certifications such as: OSCP, OSCE, GWAPT, GPEN, GCIH, CISSP, CISA, CISM, CEH.
• CISSP or CISMP or equivalent
• Demonstrable skills in common types of penetration testing such as web/application and infrastructure testing, wireless network testing, VoIP, firewall rule set review.
• Hands-on experience with software security testing and common testing tools like AppScan, WebInspect, Fortify, etc.
• Experienced with tools such as Burp/Paros/Proxy tools, nmap, Nessus, Metasploit, BackTrack, Kali, sqlninja and various hacking tools.
• Experience with penetration testing frameworks
• Ability to do manual penetration testing/validation and not rely on automated scanners.
• CHECK, CREST, TIGER SST
• Reverse engineering, binary analysis, antivirus avoidance, and exploit development.
• Advanced understanding of security architecture and related components.
• Advanced understanding of Application Security and techniques to mitigate threats in application code and functions.
• Proven experience across consultancy, service provider and end user environments.
Apply with your CV to be considered.