Job Title: Penetration Tester Location: Radbroke, UK Contract Duration: 6+ Months Mode: Hybrid KEY CRITERIA FOR THIS POSITION: The ideal candidate has extensive and in-depth understanding of secure software development life cycle in a continuous integration and deployment environment.
Key project deliverables include: Assessing and scoping application security needs Identifying technology and control risks Recommending improvements in procedures, processes, operations, and systems Conducting Web/API/Mobile/Thick client/Network penetration testing.
Assisting with reporting methodology enhancements Responsible for assessing information risk and facilitates remediation of identified vulnerabilities for IT security and IT risk across the enterprise.
Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios.
Research, analyze and identify potential vulnerabilities and security deficiencies in the company's information systems.
Experience: Candidate should have overall experience of 2 to 4+ years on penetration testing.
Certification: Desirable industry security certifications such as CEH, eWAPT, ECSA, OSCP, GWAPT, eWPTX.
Knowledge of information security fundamentals, best practices, and industry standards with responsibilities of protecting information assets.
Hands on experience on penetration testing tools such as Burp Suite, Nessus, Kali Linux, POSTMAN, Fiddler, SOAPUI, HCL AppScan, Sqlmap, Mobsf, Apktool etc.
KNOWLEDGE AND SPECIAL ABILITIES REQUIRED: Required Technical Expertise: Proficiency in conducting Web Application VAPT (Black/Gray/White box) activities to identify and mitigate security vulnerabilities as per OWASP Top 10.
Proficiency in Conducting API (REST, SOAP, XML, JSON) Security testing activities to identify and mitigate security vulnerabilities.
Proficiency in Conducting Mobile (IOS/Android) Security testing (SAST/DAST) activities to identify and mitigate security vulnerabilities.
Proficiency in Conducting Thick client Security testing activities to identify and mitigate security vulnerabilities.
Understanding of Cloud Security & Container security.
Proficiency in Conducting External and internal network Penetration testing.
Soft skills/personality fit: Ability to work independently with minimal supervision.
Willingness to make decisions and accept accountability for decisions.
Must be willing to learn BMO processes and policies.
Excellent communication/speaking skills.
Presentation skills and public speaking skills – in-person, telephone, web.