Penetration Tester - Cyber Security Consultancy - Audit, Risk, Security, Compliance Consultancy
London EC3A or home based with travel to client sites as required
£50,000 - £75,000 Depending on Experience Level + Benefits
We are an information audit, risk, security and compliance company supplying professional services across a broad range of sectors.
The Company was initially formed in 2008 to specialise in payment security and has since grown organically into a highly respected thought-leading information risk, cyber security and compliance consultancy.
By combining creative thinking, selective hiring, passionate vision and exceptional service, our small, highly experienced team provides a commercially balanced blend of strategic and tactical advice, technical assessments and assurance & audit services. We supply to large and well-known clients across many sectors including retail, insurance, financial services and telecommunication.
The Penetration Tester / Security Consultant Role:
Reporting to the Head of Consultancy, the primary role of the Penetration Tester is to undertake hands-on web and mobile application and / or infrastructure penetration testing to support our assurance services. Working with the client’s management and technical teams, you will perform a structured programme of security / penetration testing on our client’s network infrastructure, systems and applications. You will conduct web and mobile application, network, infrastructure and wireless penetration tests and related activities, carry out social engineering, simulate cyberattacks and offer recommendations, reports, added value and thought leadership to our internal teams and clients. We are in the process of establishing our in-house penetration testing function, so this role will offer plenty of scope for future career development.
Key Required Skills and Experience:
+ Hands-on external penetration testing experience with experience of infrastructure and / or application penetration testing
+ Exposure to a variety of security testing tools and exploits to identify vulnerabilities and recommend corrective action
+ Current technical understanding of security threats, trends and solutions
+ Strong demonstrated ability to take vulnerabilities and articulate the actual business risk, along with good report writing and client presentation skills
+ Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST) Special Publications, CREST, Tigerscheme SST, and CESG Check
+ A consultative manner and customer facing skills with the ability to communicate with stakeholders at all levels and advise on best practice
+ An enquiring mind, the tenacity to overcome technical challenges, and an ability to approach problems from different perspectives
+ A commitment to personal development and keeping a current knowledge of the security industry threats and best practices
+ Ability to travel as required
You might also have:
+ Knowledge of firewalls and other network security controls
+ Knowledge of applied cryptographic protocols
+ CSSLP, OSWE, OSCP, OSWP, OSCE, OSEE, GAWPT, GPEN, or GXPN certification(s)
+ Experience hacking hardware or embedded systems
What we offer:
We offer a competitive salary plus benefits and continued investment in your training, professional development and technical certifications. You will have the opportunity to work in the supportive and pragmatic culture of an established and thought-leading Consultancy where you won’t just be a ‘number’ but will be able to make a real impact on the service provision to our clients and the growth of the business.
Interested? Apply here for a fast-track path to the hiring manager
If you have any pre-application questions please contact us first quoting the job title & ref. Good luck, Team RR.