Penetration Tester & Security Lead

Zonal Retail Data Systems Limited
Liverpool, UK
Closing date
30 Oct 2020

View more

Technology & New Media
Contract Type
You need to sign in or create an account to save a job.
The Zonal group are one of the UK's largest technology providers to the hospitality industry. Our products are used by over 16,000 pubs, restaurants and hotels. Customers include national brands like Pizza Express, JD Wetherspoons and All Bar One.

We provide our customers with the solutions they need to make their business a success. These solutions include mobile apps for ordering and web apps for engaging with consumers either through loyalty or reservations. By linking these solutions to Zonal's EPoS (till) system, we help hospitality brands to understand their customers' behaviour and preferences, enabling them to excel in an increasingly competitive market.

If you have booked a table or hotel room, ordered, and paid for food and drinks, received loyalty offers, or downloaded your favourite hang out's app, you will likely have used a Zonal product.

We are a family business with Scottish roots. We operate from our modern head office in Edinburgh to our Marketing Technologies Division in Staffordshire, or our Innovation Centre in Abingdon and hotel management solutions base in Cardiff.

**We are happy to consider remote workers for this role but as and when our head office in Edinburgh opens, you will be required to visit minimum once per month**

What you will do

You will work within Zonal's Security team delivering hands on manual based security testing within the wider R&D/Dev space. The main focus of the role is to deliver highly technical and effective security engagements through hands on systematic and innovative testing. The person will be responsible for leading teams on vulnerability management as well as working on their own.

This role is ideal for an experienced tester who combines technical delivery with a strong ability to translate technical issues into clear business related impact. Ideally the individual will be working towards CREST Certified Web Application Tester or CREST Certified Infrastructure Tester or equivalent (OSCP).

We pride ourselves on our ability to engage the business and educate them; as such the candidate must have a high level of technical ability and share our passion for information security. The individual will be experienced within the delivery of manual based security testing and combined with their problem solving abilities, the output from a range of tools and their own knowledge of networking and systems, be capable of finding vulnerabilities that would or could not be identified by automated tools.

The individual will also have the ability to understand the consequence and relative importance of findings within the context of the system under test. They will be able to understand the broader threat environment and using this knowledge articulate findings and key risks, clearly and concisely. The individual will be able to deliver key messages to different audiences, from technical development teams to senior non-technical management teams.

Passion for security is a key attribute; the team are security geeks and love what they do. We engage the business in CTFs, Red Team events and training. You will have the opportunity to attend conferences such as DEF CON. The team has also won 'Best Information Security' at the Scottish FinTech awards 2019.

Key Skills
  • Experience in performing penetration tests on web applications, mobile applications, APIs, internal applications, networks and servers.
  • Experience in analysing the outcome of 3rd party penetration test reports.
  • Experience in making recommendations based upon your reports and 3rd party reports.
  • Understanding technologies that use items such as .net, RESTful web services, SQL/MYSQL, C#.

Who you are?
  • You will be a self-motivated, logical thinking problem solver who is flexible and adaptive to a very busy work environment
  • You will be organised and have an inquisitive nature paired with a positive attitude and eagerness to learn.
  • Ideally with a degree in Computer Science or Security holder of one or many certifications such as OSCP, CHECK, CREST, CEH Master.
  • Experience of actual Penetration Testing is a major factor for the role.

Other desirable skills
  • Good understanding of network protocols and web/mobile development lifecycle.
  • Solid technical skills in both information security architecture and penetration testing.
  • Ability to assess testing tools and deploy the right ones.
  • Someone who is moving from a Developer background into Security.
  • A good understanding of the OWASP Top 10.
  • A solid understanding of ethical hacking.
  • Scripting and programming experience are beneficial.
  • Ability to explain findings to non-technical professionals.
  • Excellent report writing and presentation skills.
  • Able to work independently but also as part of a team.
  • Flexibility to change direction and manage conflicting demands.
  • Outstanding organisational and data analytics skills.
  • Experience with using security tools such as: Kali Linux, Burp Suit, Metasploit, OWASP Zap.

What we value

Passion, Teamwork, Innovation and Professionalism are the values we believe make us the company we are. We're looking for someone who understands great culture and will help us shape it as it evolves.

This job was originally posted as
You need to sign in or create an account to save a job.

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert