We are looking for Strong pen Testers & Lead with at least 5 years’ experience in penetration Certified Simulated Attack Manager Certified Simulated Attack Specialist CREST Registered Penetration Tester CREST Certified Web Applications Tester CREST Certified Infrastructure Tester OSCP (Offensive Security Certified Professional)
- Delivery of end-to-end security testing engagements, including scoping and client wash-up meetings.
- Performing application testing, web and mobile tests, infrastructure testing, objective based tests, intelligence-led tests.
- Production of detailed reporting and presentations for both technical and non-technical stakeholders.
- Safe and responsible use of testing tools, ensuring controls are in place to limit risks during customer engagements.
- Developing improvements in terms of scripts, tools, or techniques to enhance the Security Testing team's capabilities.
- Knowledge sharing with colleagues in other teams, such as Threat Intelligence, Incident Response, and the wider Security Consulting community.
- Experience in delivery of security testing projects, Ability to demonstrate comprehensive, practical knowledge of testing tools, techniques, and procedures.
- Understanding of client needs in terms of testing outcomes, stakeholder engagement, and risk mitigation.
- Self-starter with ability to identify problems early and come up with solutions using own initiative.
- The ability to work to strict deadlines and prioritise work appropriately.
- Technical skills with an interest in one or more of the following: adversary emulation, vulnerability discovery, reverse-engineering, emerging technology.
- Flexibility and willingness to travel both within the UK and globally.
Desirable (one or more of the following):
- Experience in a high level scripting language such as Python, a mid level language such as C/C++, or low level language such as ASM
- Skills and experience in application, operating system, database management operation, development, or security management.
- Skills and experience in testing within Government, Telecommunications, Energy, or Financial Services sector.
- Exploit development or other in depth vulnerability research experience.