Senior Penetration Tester - West London - GBP75k

Recruiter: Source Technology
Location: London
Salary: 75000.00 GBP Annual
Posted: 16 May 2017
Closes: 23 May 2017
Category: IT, Internet
Function: IT
Contract Type: Permanent
Hours: Full Time

A British telecommunications company is currently looking for a Senior Level Penetration Tester to join their technical team.

As a Penetration Tester you will play a key role in protecting key information assets, as well as being responsible for conducting various security assessments, educating the business on the inherent risks and providing hardening and mitigation strategies.

As a member of the Information Security team, the Penetration Tester will be required to be a thought leader within selected information security practices, have proven experience in development and maintenance of security operations, and have a strong understanding of technology risks with an ability to identify mitigating controls.

Job responsibilities:

Web-based and mobile application penetration tests

Network penetration tests

Logical security audits

Hands-on technical security evaluations and remediation advice

Develop subject matter expertise in application security, wireless security or database and development security

Assignments & Skills:

The ability to perform and manage application security assessments

Penetration testing

Data leakage

Network and system forensics

Testing the design and effectiveness of security controls of Internet systems, networks and applications.

Team Overview:

IS Security is responsible for Threat Assessment and Incident Response for the company's Technology Infrastructure. In addition the team is responsible for the development and compliance maintenance of Policies, Standards and business cases to manage the risks posed to the company technology.

The department is also responsible for ensuring Programme delivery is compliant against these standards and Policies through project consultancy.

Key responsibilities:

Performing penetration tests and vulnerability assessments on company assets and where necessary 3rd Parties.

Web Application Penetration Testing - End User Environment

Performing application security penetration and vulnerability testing against applications.

Testing a diverse range of Applications, Devices and systems.

Manual Web App testing for SQL injection, XSS, CSRF, Broken Auth & Session Management, buffer overflows, OWASP Top 10, etc.

Mobile Application Security testing of Android & iOS devices

Work with developers. Have a direct impact on projects and applications. Identify issues and enhance security.

Respond to cutting edge threats facing the business.

Simulate real-life hacking attacks.

Performing research as necessary on reported issues and emerging risks to identify best-practice solutions.

Recommending and scoping technical solutions not already in place in addressing security vulnerabilities.

Acting as a coach and mentor to other team members, sharing knowledge associated with tools and practices utilised for data leakage protection, vulnerability assessments, and risk remediation.

Participate in the leadership and on-going research and development of a penetration testing lab and processes.

Provide value added, high impact IT and security consulting services to the diverse business.

Candidate requirements

Essential:

5+ years of experience performing network, web/application and wireless penetration testing including exploitation.

Technical certifications such as: OSCP, OSCE, GWAPT, GPEN, GCIH, CISSP, CISA, CISM, CEH.

CISSP or CISMP or equivalent

Demonstrable skills in common types of penetration testing such as web/application and infrastructure testing, wireless network testing, VoIP, Firewall rule set review.

Hands-on experience with software security testing and common testing tools like Appscan, WebInspect, Fortify, etc.

Experienced with tools such as Burp/Paros/Proxy tools, nmap, Nessus, Metasploit, Backtrack, Kali, SQL Ninja and various hacking tools.

Experience with penetration testing frameworks

Ability to do manual penetration testing/validation and not rely on automated scanners.

Desirable:

CHECK, CREST, TIGER SST

PCI/DSS

Reverse engineering, binary analysis, antivirus avoidance, and exploit development.

Advanced understanding of security architecture and related components.

Advanced understanding of Application Security and techniques to mitigate threats in application code and functions.

Proven experience across consultancy, service provider and end user environments.

Location:

West London

Salary:

GBP75k

Apply with your CV to be considered.