Senior Application Penetration Tester
About the Role:
We are seeking a highly skilled and experienced Senior Application Penetration Tester to join our team. As a subject matter expert, you will lead complex projects and client engagements, while managing a high-performing team.
Key Responsibilities:
* Penetration Testing: Perform thorough penetration testing across various systems, including web applications, mobile apps, network components, and physical devices.
* Client Collaboration: Collaborate with clients to plan and design penetration testing activities, selecting appropriate methodologies and ensuring minimal operational impact.
* Report Delivery: Deliver detailed, actionable reports that include executive summaries, technical analyses, evidence, and remediation recommendations tailored to the client's environment.
* Knowledge Transfer: Conduct knowledge transfer sessions with the client's staff to ensure they understand findings and how to implement remediation strategies.
* Remediation Follow-up: Follow up on remediation efforts to verify the effectiveness of fixes and ensure no new vulnerabilities have arisen.
* Consultation: Offer ongoing consultation and guidance on best practices, security enhancements, and addressing any issues post-engagement.
* Audit and Compliance: Conduct audits of security controls, configurations, and penetration testing procedures, ensuring alignment with NCSC Cyber Security Baseline Standards and ongoing compliance.
* Advanced Penetration Tests: Perform penetration tests that may involve logical and physical perimeter assessments, including multi-vector attacks.
Requirements:
* Experience: A minimum of 7 years in penetration testing or a similar role, with strong theoretical and practical expertise.
* Certifications: Mandatory: Penetration Testing certifications. Desirable: Systems Security Certified Practitioner (SSCP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM).
* English Proficiency: C2 Mastery or equivalent certification under the Common European Framework of Reference for Languages.
Competencies & Skills:
* Penetration Testing Expertise: In-depth experience with penetration testing of applications pre- and post-deployment.
* Vulnerability Identification: Ability to identify vulnerable systems or applications susceptible to malicious access.
* Security Assessments: Expertise in identifying and exploiting vulnerabilities in web applications and conducting detailed security assessments.
* Adversary Techniques: Knowledge of advanced adversary techniques and the ability to replicate these methods during penetration testing.
* System Analysis: Experience in analyzing system configurations, pathways, and interactions, simulating the tactics of sophisticated adversaries.