Penetration Tester

What will your typical day look like?

As part of the Global Cybersecurity team, responsibilities will be to work with customers to deliver technical assessments against a broad range of services. You will use your communication skills to provide consultative guidance to customers on findings identified, how to effectively engage services and the available capabilities. In this interesting and diverse role, you will:

Evolve and enhance approach for managing customer requests and queries for technical testing.
Support the integration of testing analysis across disciplines to improve testing exercises and improve end product to our customers.
Assist in technical scoping of security testing activities.
Curate and assessment of vulnerability data (across multiple platforms/tools).
Take part in typical testing activities including Software/Web application penetration testing, network penetration testing, mobile application penetration testing, thick client penetration testing, and more.
Provide technical guidance in supporting member firms in conducting necessary remedial actions and responding to client vulnerability questions or disclosures.
Help develop tooling deployment and relevant scanning configurations to enhance practical testing processes.
Operate in the wider organization to drive risk reduction goals and in the continuous improvement vulnerability related service.

ational security function (Penetration Testing)
Experience in any of the following platforma would be highly beneficial; Burp or OWASP ZAP, Kali Linux, Nmap, Metasploit, Postman, Gobuster, Dirbuster, SQLMap.
Familiarity with software security weakness and vulnerabilities.
Must be able to work under pressure and produce content to tight timelines.
Bachelor’s degree in a business or cyber security domain; or candidates with relevant work experience in an appropriate field.

Preferred:

Ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and nontechnical audiences.
Threat modeling experience.
Scripting experience (Power shell, Python).
Sound knowledge of common infrastructure and web application vulnerabilities and common vulnerability categorizations such as OWASP, CVSS
Secure DevOps experience.
Knowledge of ticketing and tracking tools such as Service Now – Security Operations.