Job Description
Job Title: Penetration Tester
Location: Radbroke, UK
Contract Duration: 6+ Months
Mode: Hybrid
KEY CRITERIA FOR THIS POSITION:
The ideal candidate has an extensive, in-depth understanding of the secure software development life cycle in a continuous integration and deployment environment. Key project deliverables include:
* Assessing and scoping application security needs
* Identifying technology and control risks
* Recommending improvements in procedures, processes, operations, and systems
* Conducting Web/API/Mobile/Thick client/Network penetration testing.
* Assisting with reporting methodology enhancements
* Assessing information risk and facilitating remediation of identified vulnerabilities for IT security and IT risk across the enterprise.
* Identifying opportunities to reduce risk and documenting remediation options regarding acceptance or mitigation of risk scenarios.
* Researching, analyzing and identifying potential vulnerabilities and security deficiencies in the company’s information systems.
Experience:
* Candidate should have 2 to 4+ years of overall experience in penetration testing.
* Certification: Desirable industry security certifications such as CEH, eWAPT, ECSA, OSCP, GWAPT, eWPTX. Knowledge of information security fundamentals, best practices, and industry standards with responsibilities of protecting information assets.
* Hands-on experience with penetration testing tools such as Burp Suite, Nessus, Kali Linux, Postman, Fiddler, SoapUI, HCL AppScan, sqlmap, MobSF, Apktool, etc.
KNOWLEDGE AND SPECIAL ABILITIES REQUIRED:
Required Technical Expertise:
o Proficiency in conducting Web Application VAPT (Black/Gray/White box) activities to identify and mitigate security vulnerabilities as per OWASP Top 10.
o Proficiency in conducting API (REST, SOAP, XML, JSON) security testing activities to identify and mitigate security vulnerabilities.
o Proficiency in conducting Mobile (iOS/Android) security testing (SAST/DAST) activities to identify and mitigate security vulnerabilities.
o Proficiency in conducting Thick client security testing activities to identify and mitigate security vulnerabilities.
o Understanding of Cloud Security & Container security.
o Proficiency in conducting external and internal network penetration testing.
Soft skills/personality fit:
o Ability to work independently with minimal supervision.
o Willingness to make decisions and accept accountability for decisions.
o Must be willing to learn BMO processes and policies.
o Excellent communication/speaking skills.
o Presentation skills and public speaking skills – in-person, telephone, web.