Penetration Tester

  • Negotiable
  • Whippany, NJ, USA
  • Permanent, Full time
  • Barclays - US
  • 16 Nov 2017

Security Assurance are looking for a motivated, technically minded individual to join our expanding penetration testing team. As a senior penetration testing team member you will be expected to:

  • Scope and execute penetration tests against a variety of technologies including web application, mobile and infrastructure.
  • Lead and manage complex assessments independently or with teams of different sizes.
  • Work collaboratively with a variety of internal and external stakeholders to deliver high quality penetration tests.
  • Provide reports which highlight and clearly articulate vulnerabilities and weaknesses to clients in terms they understand.
  • Contribute to and lead strategic team activities outside of normal BAU testing to raise the security posture across the organisation.
  • Work within virtual teams of security and technical specialists to ensure quality delivery of leading security assurance services to our internal clients.
  • Innovate towards the goal of establishing novel security assurance services and the enhancement of existing services.
  • Develop subject matter expertise for Barclays systems/products from a security perspective.

Key Accountabilities

  • Penetration Testing
    • Maintain relevant skills with which to conduct penetration testing in a number of the following domains to a significant degree of depth:
      • Application
      • Infrastructure
      • Mobile (iOS, Android)
      • Wireless
      • Physical assessment
      • Code review
    • Work independently or lead any size team on penetration tests
    • Work with the global team and external entities to lead and deliver Security Assurance services
    • Analyse and review security issues identified
    • Have superior time management and organizational skills to undertake multiple critical supportive and advisory tasks concurrently
    • Supplement automated assessment techniques with manual security assessment approaches
    • Communicate security issues identified and mitigation/remediation options to the development community
    • Generation of clear and concise reports
    • Have a superior ability to articulate technical concepts to non-technical business owners and management
    • Provide regular assessment progress updates that include sufficient detail to convey work completed and upcoming activities
    • Possess an entrepreneurial attitude to excel in loosely defined scenarios
    • Provide subject matter expertise in support of security related BAU activities as required
    • On occasion, work outside of regular business hours to support BAU business requirements

  • Research and Development
    • Research new and emerging threats, counter controls and technologies affecting various platforms
    • Innovate in collaboration with security focused development teams to implement and enhance proprietary Barclays security technologies
    • Build upon the existing service request model, processes and supporting technologies

Stakeholder Management and Leadership

  • Work collaboratively with a variety of internal and external stakeholders (security consultants, project managers, service managers, development teams, technical SMEs, vendors) to deliver high quality penetration tests.
  • Build an effective network of relationships globally to ensure the trust and credibility of the team is developed
  • Experienced in working with technical and security specialists and the appropriate Business Teams to drive out superior performance in developing and delivering world class IT security solutions, and achieve high levels of satisfaction as a result.
  • Maintain an effective network of relationships with individuals in service and technology providers to ensure Barclays maintains a leading capability

Decision-making and Problem Solving

  • Ability to analyse complex technical solutions and direct appropriate scoping and assurance activities
  • Can describe alternative problem-solving approaches and their optimal uses
  • Effective at working with unstructured teams, situations and environments and at taking decisive action
  • Demonstrates initiative and competence
  • Can maintain dialogue in difficult situations
  • Challenges ways of operating with a focus on pragmatism
  • Supports and encourages positive working behaviours in others

Risk and Control Objective

Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards.

Person Specification

Essential Skills/Basic Qualifications:

  • 5+ years performing security penetration testing. Strong pentesting skills and experience in application and infrastructure domains at a minimum.
  • 5+ years in an information security role. Understanding of the security mechanisms associated with Applications, Operating Systems, Networks, Databases, Virtualisation and Cloud technologies.
  • 5+ years technical experience in a highly regulated environment
  • 8+ years of experience in Information Technology

Desirable skills/Preferred Qualifications:

  • Programming / scripting skills
  • Wider SDL activities such as threat/attack modelling and design review
  • Strong knowledge of information security frameworks and standards
  • Good understanding of security strategies and technologies
  • Experience creating innovative solutions and responding to information security incidents
  • CREST/OSCP/SANS or equivalent pentesting certification