Penetration Tester, Vulnerabilities, Pen Tester, Vulnerability Manager
Posted on Sep 6, 2019 by Eximius Group Limited
A Penetration Tester is required to work for a leading investment bank in London. The penetration tester will perform formal penetration tests on web-based applications, mobile apps, networks and computer systems. The penetration tester will have a minimum of 5 years' experience and a natural ability to foster relationships with various teams and stakeholders. The penetration tester will have worked within the banking domain previously and will meet the following criteria.
The primary focus of the Group Cyber Security team is to defend the bank against malicious outsiders.
This is accomplished through the implementation of the bank's strategy focusing on prediction, prevention, detection and response. The team therefore consists of a mix of security analysts, red teamers, penetration testers, incident responders, threat hunters, threat intelligence analysts and research and development members, reporting into the Cyber Security Operations manager who in turn reports to the Group CISO.
The successful candidate will be part of a highly technical, close-knit and coordinated team with the opportunity to be exposed to both offensive and defensive disciplines. The successful candidate will be able to make a real difference, realise the fruits of their labour and be rewarded for their passion and technical ability.
Perform formal penetration tests on web-based applications, mobile apps, networks and computer systems
Probe for vulnerabilities in web applications, fat/thin client applications and standard applications
Research, document and discuss security findings with management and IT teams
Recommend remedial technical and non-technical actions/solutions as necessary
Provide feedback and verification as development teams fix security issues
Be actively involved with the various development teams across the group to embed security practices into the development life cycle
Consult with business units on security as needed.
Natural ability to foster relationships with various teams and stakeholders
Passion to learn and grow, both technically and personally
Effective written and oral communication skills
Strong documentation skills
Willingness to share ideas and collaborate with various teams
Ability to translate complex findings into interpretable and simple output
Ability to work as part of a geographically dispersed team
Be a self-starter, own his/her own career
Experience and Qualifications
Minimum of 5 years' experience in penetration testing
Relevant qualifications and certifications; OSCP, OSWE, SANS and CREST preferred
Experience with tools such as Cobalt Strike, Nessus, Metasploit, Burp Suite, IBM AppScan
Knowledge of both Windows and Linux environments.
Experience with both Android and iOS mobile operating systems.
Knowledgeable in all phases of the Cyber Kill Chain
Programming exposure and familiarity with languages such as Java, C#, .NET, Objective-C
Proficiency in one or more scripting languages, e.g. Perl, Python, PowerShell
Solid understanding of networking topologies, protocol usage, and enterprise hardware including switches, routers, firewalls, and their roles in security
Intimate knowledge of OWASP methodology
You may experience some or all of the following benefits:
Competitive remuneration package including discretionary bonus and shares
Flexible working arrangements to accommodate work/life balance
Opportunity to make a difference in a global, respected organisation
Hardware, software and operating system of your choice
Time for research and innovation
Ability to determine your own goals, career and key performance criteria
Ability to work independently, without being micromanaged