Expected Duration of engagement: October 2024 to March 2026
Location: UK: Portsmouth Walton Park, Horley, SGN Tier 1, 2 & 3 OT sites
Roles and Responsibilities:
My client is looking to onboard 2 Annual Penetration Test (APT) Leads. These APT Leads will manage the annual pen testing schedule, ensuring the third-party APT supplier adheres to the schedule and delivers the required weekly, monthly & annual pen testing as necessary. They will be instrumental in managing the remediation activities that arise from the pen test reports and will work to reduce vulnerabilities across SGN's OT & IT estate.
The APT Lead role & responsibilities are detailed below:
1. Responsible for SGN Cybersecurity OT & IT Annual Penetration testing lifecycle.
2. Deliver a defined volume of pen tests across Application, Infrastructure, Websites, APIs, O365, Azure, AWS, and OT environments.
3. Identify & tier SGN OT & IT assets, services & systems to build on the current Tiering system identified in the Discovery phase.
4. Prioritise, plan & schedule all Pen Test engagements, ensuring testing exercises are based on Tiering.
5. Engage with Product Group owners & internal stakeholders during the discovery phase to avoid duplications of effort around pre-existing/pre-planned pen test engagements.
6. Manage Annual Pen test Supplier engagements & the relationships within SGN.
7. Oversee onboarding and offboarding of 3rd party Supplier resources, ensuring they have all required accounts/privileges/physical security badges to commence their engagement.
8. Manage Operational Gas Business Owner relationships.
9. Oversee regulated operational sites' business processes, including sign-off.
10. Build and own all relevant policies and procedures around pen testing within SGN, adhering to Best Practices & NCSC guidance.
11. Review 3rd party pen test reports and brief internal stakeholders on findings.
12. Document findings, risks, and exceptions, and recommend remediation.
13. Collaborate with IT and cybersecurity teams to enhance security protocols and remediate findings.
14. Track progression of remediation tasks and report weekly to internal stakeholders on progress and blockers, building secure Power BI dashboards for reporting.
15. Update the SGN CMDB with relevant vulnerabilities, ensuring it is highly secured.
16. Provide monthly reporting on remediation activities and track progress to Cybersecurity & IT Management team.
17. Manage the patching regime to remediate identified pen test vulnerabilities, confirming with the BAU Vulnerability Management team that there is no duplication of effort.
Required skills:
1. Strong understanding of both OT & IT asset profiles, technology & security best practice principles.
2. Excellent report writing and communication skills for documenting findings and advising on security improvements.
3. Previous experience in a technical cyber security role.
4. Strong understanding of network protocols, cryptography, and security vulnerabilities.
5. Preference for candidates with OSCP certification.
6. Preference for candidates with recent experience as a Pen tester or in a Red Team role.
7. SC clearance (to confirm requirement) & CREST Certification preferred.
8. Proficiency with penetration testing tools.
9. Understanding of OWASP.
10. Understanding of APIs, their use, and potential exploitation by attackers.
11. Strong stakeholder engagement and relationship management skills.