Ethical Hacker/Cloud Security Configuration Reviews

Hybrid working: Bristol, London or Manchester

Contract length: until 31.03.2023, with extension possibility

Key accountabilities:

• Deliver web application and infrastructure penetration tests of IT and digital services
• Deliver endpoint build reviews
• Deliver cloud security configuration reviews (focusing on AWS) and infrastructure as code reviews (eg Terraform)
• Contribute to the delivery of new capabilities
• Build and improve the tools, processes and training within the team to ensure quality tests and improve efficiency
• Implement automated and continuous penetration testing pipelines
• Contribute to the continual improvement and automation of the team's reporting processes and data collection

Key requirements

• Experience delivering security testing of web-based services, cloud services and underlying infrastructure, looking for sophisticated attack vectors and recommending mitigations
• Recognised certifications (eg, CRT, OSCP) in the field of penetration testing
• Good analytical skills to understand the implications of security threats
• Good verbal and written communication skills to ensure business and technical risks as clearly communicated
• Experience using penetration testing tools such as BurpSuite, Nmap and Metasploit
• Experience developing and/or reviewing source code
• Experience reviewing cloud infrastructure configurations and infrastructure as code