Penetration Tester

Callcredit Information Group
30 Sep 2017
03 Nov 2017
Contract Type
Full Time


The individual will be responsible for carrying out security testing of Callcredit applications (including externally facing web applications) and infrastructure. They will be responsible for identifying any security weaknesses within these systems, assessing the risks, and suggesting appropriate remediation activities.


  • Identification of security weaknesses & risks in all systems tested
  • Producing clear and comprehensive reports
  • Accurate record keeping and tracking of identified vulnerabilities
  • Timeliness of Management Information


  • Carrying out regular security assessments of different Callcredit systems, using both automated tools and manual testing.
  • Assisting development teams in carrying out static code analysis.
  • Liaising across the organisation in order to identify and prioritise the systems to test.
  • Producing clear written reports of any findings, including explaining these in terms of risks to the business, to relevant stakeholders.
  • Producing recommendations for how to fix any vulnerabilities found.

Essential Qualifications:
  • Penetration testing qualification or certification, such as CHECK, CREST, CEH, or OSCP

Desirable Qualifications:
  • Master's Degree in Information Security.

Essential Skills:
  • Strong understanding of security issues relating to web applications, such as cross-site scripting (XSS), cross-site request forgery (CSRF), SQL and code injection, session management, and authentication methods and issues.

  • A good working knowledge of, and understanding of security issues relating to:
    • Web Servers (in particular IIS)
    • Application Servers (in particular using .NET technologies)
    • Database systems (in particular SQL Server)
    • Firewalls (in particular Cisco ASA & Checkpoint)
    • Load balancers
    • Routers & switches
  • Ability to quickly grasp high-level technical concepts
  • Ability to use initiative and take control
  • Excellent communication and interpersonal skills
  • Forward thinking with strong problem solving skills
  • Ability to work independently.
  • Knowledge of UK laws relating to security testing, such as the Computer Misuse Act.

Essential Experience:
  • Relevant experience within a large organisation performing controlled security testing on Applications and Infrastructure.

Desirable Experience:
  • Experience of working within a large organisation to perform security testing.


  • Achieving Excellence – Intermediate
  • Collaborating for success – Intermediate
  • Communicating with Impact – Intermediate
  • Planning & Organising – Intermediate
  • Problem Solving & Decision Making – Advanced
  • Professional/Technical Expertise – Advanced
  • Compliance & Risk – Intermediate
