The individual will be responsible for carrying out security testing of Callcredit applications (including externally facing web applications) and infrastructure. They will be responsible for identifying any security weaknesses within these systems, assessing the risks, and suggesting appropriate remediation activities.
- Identification of security weaknesses & risks in all systems tested
- Producing clear and comprehensive reports
- Accurate record keeping and tracking of identified vulnerabilities
- Timeliness of Management Information
- Carrying out regular security assessments of different Callcredit systems, using both automated tools and manual testing.
- Assisting development teams in carrying out static code analysis.
- Liaising across the organisation in order to identify and prioritise the systems to test.
- Producing clear written reports of any findings, including explaining these in terms of risks to the business, to relevant stakeholders.
- Producing recommendations for how to fix any vulnerabilities found.
- Penetration testing qualification or certification, such as CHECK, CREST, CEH, or OSCP
- Master's degree in Information Security.
- Strong understanding of security issues relating to web applications, such as cross-site scripting (XSS), cross-site request forgery (CSRF), SQL and code injection, session management, and authentication methods and issues.
A good working knowledge of, and understanding of security issues relating to:
- Web Servers (in particular IIS)
- Application Servers (in particular using .NET technologies)
- Database systems (in particular SQL Server)
- Firewalls (in particular Cisco ASA & Checkpoint)
- Routers & switches
- Ability to quickly grasp high-level technical concepts
- Ability to use initiative and take control
- Excellent communication and interpersonal skills
- Forward thinking with strong problem solving skills
- Ability to work independently.
- Knowledge of UK laws relating to security testing, such as the Computer Misuse Act.
- Relevant experience within a large organisation performing controlled security testing on Applications and Infrastructure.
- Experience of working within a large organisation to perform security testing.
Achieving Excellence – Intermediate
Collaborating for success – Intermediate
Communicating with Impact – Intermediate
Planning & Organising – Intermediate
Problem Solving & Decision Making - Advanced
Professional/Technical Expertise - Advanced
Compliance & Risk – Intermediate
This job was originally posted as www.totaljobs.com/job/76108894