Job Description
The Penetration Testing Lead role and its responsibilities are detailed below:
* Responsible for customer Cybersecurity OT & IT Annual Penetration testing lifecycle.
* Responsible for delivering a defined volume of pen tests across Application, Infrastructure, Websites, APIs, O365, Azure, AWS and OT environments.
* Responsible for identifying & tiering customer OT & IT assets, services & systems to build on the current Tiering system identified in the Discovery phase.
* Prioritisation, detailed planning and scheduling of all pen test engagements, ensuring weekly, monthly and annual testing exercises are scheduled based on tiering.
* Engage with Product Group owners and internal stakeholders as part of the discovery phase to ensure there is no duplication of effort around pre-existing or pre-planned pen test engagements (Application, Infrastructure, Websites, APIs, O365, Azure, AWS and OT environments).
* Manage Annual Pen test Supplier engagements & the relationships within customer.
* Manage all onboarding and offboarding of third-party supplier resources, ensuring they have all required accounts, privileges, physical security badges, etc. to be able to start their engagement.
* Responsible for managing Operational Gas Business Owner relationships.
* Manage regulated operational sites business processes including sign off.
* Build and own all required and relevant policies and procedures around pen testing within the customer, adhering to best practice and NCSC guidance.
* Review third-party pen test reports, briefing internal stakeholders on findings.
* Capture and document the findings, risks and exceptions and recommend remediation.
* Collaborate with IT and cybersecurity teams to enhance security protocols and remediate findings.
* Track progression of remediation tasks, reporting weekly to internal stakeholders on progress and any blockers. Build secure Power BI dashboards to report on progress.
* Update the customer CMDB with the relevant vulnerabilities. Ensure this is highly secured.
* Provide monthly reporting on remediation activities and track progress for the Cybersecurity and IT Management team.
* Manage the patching regime to remediate the identified pen test vulnerabilities. Confirm with BAU Vulnerability Management team that there is no duplication of effort.
Required skills
* Strong understanding of both OT and IT asset profiles, technology and security best-practice principles.
* Excellent report writing and communication skills for documenting findings and advising on security improvements.
* Must have previous experience working in a technical cyber security role.
* Strong understanding of network protocols, cryptography, and security vulnerabilities.
* Preference given to candidates with OSCP certification.
* Preference given to candidates that have recent experience working as a Pen tester or worked in a Red Team type role.
* SC clearance (Need to confirm requirement) & CREST Certification would be preferable.
* Proficiency with penetration testing tools.
* Understanding of OWASP.
* Understanding of what APIs are, how they are used and how they can be abused by an attacker.
* Strong stakeholder engagement and relationship management skills.