Senior Penetration Tester
£60k-£70k plus up to 15% bonus, car allowance, medical insurance and 26 days holiday
The role will be a specialist in technology security and will provide support in designing, operating and delivering an independent security service across the company for Red Team testing, ethical hacking and penetration testing. The role will support developing tests in compliance with security policies, industry regulators and standards.
The role will probe the organisation’s networks and operational infrastructure, attempting to find any areas which are vulnerable to attack and identifying methods by which attackers could exploit security flaws.
Purpose of the Role
- Business wide role.
- Leads investigations following security incidents and attacks.
- Reviews company threat landscape and makes recommendations that will reduce security risks.
- Leads Technical Security forums across the business and virtual teams in the event of cyber-attacks.
- Leads and manages information security improvement projects.
- Required to liaise with people across the business at all levels.
- Represents the company at industry forums.
- Contributes to the setting of security policies and strategic objectives in relation to information security assurance across the business.
- Scoping and delivering real-world scenarios using current threat intelligence to test and measure the company’s defensive and response capabilities against social, physical, network and application attacks from a simulated real-life adversary.
- Plan and execute ‘no-notice’ assessments through a network of trusted agents to ensure negligible-impact security tests based on pre-defined scopes and in support of new developments.
- Create and manage a Forensics Readiness Plan and lead digital forensic investigations.
- Supporting the implementation of an enterprise security architecture, using best practice where relevant, to develop consistent security practices across the organisation and ensure security is considered in all processes and technologies.
- Provide clear reports to senior management, highlighting vulnerabilities and weaknesses with recommendations to fix them.
- Maintain an accurate and up-to-date knowledge of information security issues, keeping abreast of new technologies, methodologies, techniques, vulnerabilities and market trends, and communicate this appropriately.
- Assist in driving changes in design and delivery processes to ensure a ‘secure by design’ culture.
- Act as a senior point of contact in relation to technical security.
- Create a trusted technical security community within the company and chair a technical security forum on a monthly basis.
- Provide independent technical advice and guidance on security tools and techniques.
Key Performance Indicators
- Clear understanding of the information security threats facing the business and the current position in relation to mitigation.
- Consideration of information security obligations in all areas of the business as part of Business as Usual, indicating a clear change in the culture of the business.
- Regular, clear reporting to the Head of Security and Compliance on information security risk to understand the current position and potential future threats.
- Timely forensic investigations.
Qualifications that would help are listed below; however, the company would consider other relevant certifications too.
- CREST Certified Penetration Tester (CCT)
- Forensic Readiness and First Responder
- Cyber Security Professional (CCP)
If you are interested in this position or even an informal chat about the position then please feel free to get in touch with Jonny Duggan on 01908 886 038 or email firstname.lastname@example.org.