Our mission is to simplify the delivery and management of pentesting.
At OnSecurity, we provide our customers with fast, flexible, CREST-accredited manual penetration testing with our easy-to-use platform. We are changing the game globally by allowing customers to quote, schedule, and book in under 60 seconds to secure their digital assets and meet compliance requirements.
Current Status and Future Goals
From a customer perspective, procuring a pentest is a painful, slow, high-friction process with lots of manual steps, and can easily take 3-4 weeks end to end, just to book the pentest in.
OnSecurity exists to solve this problem.
We aim to make the procurement and management of pentesting as simple as possible for our customers. We are well-known in the industry for our online pentesting booking workflow, which was the biggest factor in driving our early growth and success. Using this workflow, a customer can literally book a pentest online, in real-time, in about 2 minutes.
As we move to the future, we continue to press home our advantage when it comes to the delivery of pentesting by iterating the product further and growing the business. This means new features and more effective ways of providing value to our customers.
It’s an exciting time to be joining OnSecurity!
Working Hours and Location
We are based in the UK with employees working remotely and hybrid depending on the team. For this full-time role, the ideal candidate will be able to attend our central Bristol office location 2-3 days a week.
You can ask us about the best working hours and work setup in the interview if there’s something that’s important to you. We try to be as flexible as possible.
All we ask is that everyone is online between our core hours of 10:00-16:00 (UK time) so that everyone overlaps for the majority of the day; it’s up to you and your manager to find the right schedule that works for you and your team.
Role Importance, Responsibilities and Impact
What you will be doing:
* Device management: Provision, configure, and maintain physical hardware, including phones and laptops.
* Manage IT system access: Handle user onboarding and offboarding, manage access permissions, and maintain accurate access registries.
* ISO compliance: Play an active role in attaining and maintaining ISO27001 certification by enforcing security policies and documenting adherence to protocols.
* Administer and maintain cloud systems: Oversee secure configurations for platforms such as G-Suite, Slack, Bitwarden, and our proprietary systems.
* Fulfil internal data requests: Provide data insights and reports via our internal platforms.
* Documentation: Keep detailed records of system configurations and operational procedures.
Ideally you will also:
* Support DevOps operations: Collaborate with the DevOps team on managing Kubernetes clusters and AWS environments, ensuring efficient and secure operations.
* Conduct security audits: Perform regular audits and continuous monitoring to ensure compliance with internal policies and external regulations.
Timeline for Role Expectations
Within one month you will...
* Develop a company device inventory, including a process for provisioning new and returning equipment.
* Begin documenting IT processes and system configurations.
* Begin reviewing system access.
Within three months you will...
* Play an active part in achieving ISO compliance.
* Provide reports to fulfil internal data requests.
* Work with the DevOps team to review and document the system infrastructure.
About You
This role is a great fit if you...
* Have proven experience in similar IT systems roles.
* Have a strong understanding of access management and IT security.
* Have a good attention to detail and experience of documenting complex systems and processes.
* Are comfortable working independently and collaborating with others, including non-technical colleagues.
* Are passionate about cyber security.
This won’t be the right role if...
* You prefer systems admin to IT management.
* You have no experience of ISO compliance.
What you will get for your hard work...
* A competitive compensation package. The salary range for this role is roughly £40k - £55k annually, depending on experience.
* Work at one of the fastest-growing Cyber Security Start-Ups, who are revolutionising pentesting.
* A clear progression plan. We want you to keep growing. That means trying new things, leading others, challenging the status quo and owning your impact. Always with our complete support. That’s why in 2025, we will be rolling out our company-wide progression frameworks so you know exactly what’s required to progress at OnSecurity.
* Flexibility: We promote life-work balance at OnSecurity. We encourage everyone on our team to enjoy their life and ensure they have the balance they need to reach their full potential.
* Work where you work best. We’re a distributed team. If you live in Bristol we have a hybrid approach, if this is something that fits for your team. Otherwise, we are remote and so we build our ways of working around this.
Other benefits:
* 30 days annual leave a year + public holidays.
* Company pension scheme.
* Annual Performance reviews and generous salary increments for high performance (2025).
* Private Medical Insurance via Vitality.
* Enhanced parental leave (paternity & maternity).
* Paid study leave for employees leveling up their skills.
* Regular socials and activities, online and in-person.
* And many more incoming 2024 / 2025.
We operate a flexible interview process...
Application
Your answers to the questions we ask are really important to us and we do genuinely try to read and listen to all of them. The questions we ask are designed to highlight experience/values that align with the role that wouldn’t be immediately obvious in your CV.
You may also see some Diversity Questions. This information is always completely anonymous and there is no way of us connecting your answers to your application. It allows us to see, at a high level, where our applicant pool lacks diversity, and to identify trends where groups of individuals might be failing, suggesting a potential bias.
1st Stage Interview (up to 1hr)
Team fit and company culture are the most important things to us so this interview will focus on your cultural alignment. There may be some questions that ask about bad decisions; these aren't trick questions! We believe failures are great learning opportunities. With these questions, it's best to be honest, accountable, and reflective. There may be some basic competency questions that will assess your ability to complete the day-to-day responsibilities of the role, but also to understand how you’ll fit into our team. We will also cover the main responsibilities of the role and we always leave time for you to ask us questions.
Final Interview
This interview will be largely competency-based; we will ask you to present an IT management project you have recently worked on. You can use slides, demos, or any tools you want to talk us through what you did and why. We will ask questions about the project and pose “what if” questions to assess how you approach work. Don't worry, we will give you plenty of time to prepare and our talent team can jump on a call with you to explain what we are looking for.
Feedback
We provide detailed feedback to every candidate that has an interview with us. If, sadly, you don't join our team, we want to help you in your job search and provide constructive feedback that can help you be successful in your next interview.
We ask interviewers to put together their thoughts and our People team will share all of it with you, both positive and constructive.
Once we have made you an offer and you have accepted, we will ask you to validate your employment via our background screening provider Zinc. All of our offers are subject to referencing and successfully passing the background check process.