Job Description
This is a full-time role for a Level 3 Information Security Analyst to join a mature managed services Cyber team who manage the security posture of critical infrastructure and services under an ISO27001 and Cyber Essentials + certified managed service environment.
You will be responsible for conducting Adversary Emulation which include penetration tests as well as red-teaming exercises for health care enterprises.
This is a technical, hands-on role, and the successful candidate will be responsible for showcasing how an adversary can take advantage of vulnerable systems in an organization to get initial access to enterprise assets and then move laterally to widen the impact. They will also be responsible for providing very specific guidance to mitigate these security gaps/mis-configs/vulnerabilities.
The successful candidate will be responsible for conducting Adversary emulation on various enterprise environments including but not limited to On-prem Infrastructure, Cloud, Web Apps, Non-Web Apps, IOT, Mobile Apps and Devices, Scada environments, etc.
Skills & Experience:
* Extensive experience in conducting penetration tests for Applications, IT Infrastructure Services, Cloud, IOT, Scada, Network devices, Mobile Platforms, Hardware appliances, etc.
* Experience in planning and executing Whitebox, Blackbox, and Greybox penetration testing.
* Experience in planning and executing red teaming exercises including general reconnaissance, social engineering, breach simulations etc.
* Experience in conducting automated as well as manual penetration tests.
* Experience in conducting manual config reviews for Network devices, Servers, IOT devices, Applications etc.
* In depth understanding for general security principles.
* In depth understand of how security technologies like firewalls, EDR, SIEM, TVM operate in a coherent manner, and how to avoid unnecessary alerts while executing an Adversary Emulation exercise.
* Excellent communication, reporting, and presentation skills.
* Ability to plan, prioritise, be proactive and manage own workload.
* Understand up-to-date security threats and common exploits.
* Have an open attitude to sharing knowledge and information.
* Excellent analytical and problem-solving skills.
* Desire to learn new technologies.
* A motivated attitude to learn and challenge comfort zone.
* To keep up to date with the latest security and technology developments.
Desirable
* Cyber security certification (e.g. OSCP, CRTO, OSCE, OSWP, etc).
* Scripting Experience.
Additional Information
* Must have the right to live and work in the UK or Republic of Ireland.
* Due to our location, access to own transport is essential.
* Must meet Security Clearance requirements if this is a requirement of the role and any offer would be conditional upon the successful candidate passing BPSS which includes a criminal record check.
We don’t believe hiring is a tick box exercise, so if you feel that you don’t match the job description 100%, but would still be a great fit for role, please get in touch.