Senior Penetration Tester / Head of Penetration Testing – London - £75k-95k DOE
An opportunity to work for a leading independent cyber security consulting firm based in London but operating across the UK. The firm specialises in Penetration Testing and Security Advisory Services and is dedicated to delivering world-class service to its clients, many of whom work exclusively to advance their security. We have built an impressive client base that includes major clients within the financial services, telecoms, ecommerce, defence and energy sectors.
The right candidate will be offered unmatched career progression and grow through levels in one of the industry's leading independently owned cyber security companies.
The role would suit an ambitious candidate who is looking to move on from a large security consulting firm, accelerate their career and progress to Senior Penetration Tester level.
- Research / lab time – Got a pet security project? We’ll give you the time to finish it, and explore options for further research.
- Speaking opportunities – Our pen test team is well respected, and we would expect you to present on a regular basis to the community.
- Flexible working – Work can be carried out from home where business needs permit.
- Training – Each of our consultants is assigned to an ongoing professional training programme, agreed upon commencement and each year thereafter.
- Conferences – We expect the penetration testing team to make a visible presence at industry conferences, such as OWASP, Black Hat and DefCon.
- Your voice will be heard – You will have the opportunity to become directly involved and influence our direction.
- Benefits – 25 days annual leave; Annual Company Bonus; Contributory company pension; Corporate sick pay scheme; Interest free season ticket loan; Cycle to Work scheme; Subsidised gym membership; Perkbox Employee Benefit scheme; Childcare vouchers.
- Delivering a range of assessment types including Web Application, API, Mobile and Infrastructure tests.
- Leading Cyber Essentials projects for clients.
- Producing high quality reports to clients that highlight areas of identified weaknesses.
- Providing advice to clients on remediation routes.
- Delivering all projects to the very high standards our clients expect.
- Working with other members of the team to share knowledge and experience, and to find creative ways of solving technical issues.
- Attending project commencement calls and meetings to finalise the scope for upcoming projects.
- Helping scope projects and assisting the sales team in developing competitive proposals that win business.
- Achieving CHECK Team Leader (CTL) within the first 12 months.
- Pre-sales and post-sales client support.
- Responsible for the management and coordination of all penetration testing activities in the organisation, ensuring that Client and regulatory testing requirements are adhered to.
- Ensure that testing is appropriately scoped and tested in accordance with the agreed testing deadlines.
- Manage supplier and 3rd party relationships.
- Allocate testing activities to the pentesting team to ensure all deadlines are met.
- Responsible and accountable for penetration team management and associated HR activities such as mentoring, training and performance reviews.
- Manage the budget and penetration testing finances.
- Maintain a test register/schedule tracker identifying test status and annual testing dates.
- Set strategic vision including the review and update of existing supporting processes and procedures.
- Maintain your testing knowledge and skills.
- Manage and coordinate red team and purple team activities.
- Validate the quality and standards of the team deliverables against best practice and processes and support their day-to-day activities.
- Validate that the team are providing accurate/timely reporting of findings with appropriately recommended countermeasures or mitigating controls.
- Produce MI reports pertaining to all penetration testing metrics and present to the senior leadership team.
- At least eight years' experience working as a full-time penetration tester.
- Experience of having managed a team of pen testers.
- BSc in Computer Science, Engineering or equivalent.
- Confidence and ability to carry out assessments independently.
- At least one of the following qualifications: CREST CRT, OSCP or Tigerscheme QSTM.
- The ability to work towards client-led or internal deadlines.
- Highly organised approach with an attention to detail.
- Familiarity with the OWASP Top 10 and SANS CWE Top 25 and an understanding of how these vulnerabilities can be exploited.
- A creative approach to performing thorough proven-method tests.
- Excellent verbal and written communication skills, and the ability to write strong technical reports.
- An articulate and confident presentation style.
- The ability to explain how exploits were successful, and how a client could remediate the vulnerabilities raised during an assessment.
- Highly professional and dependable.
- Willingness to travel.
- Knowledge of hardware and embedded system security.
- Red teaming experience.
- Ability to carry out cloud security assessments on AWS, Google Cloud or Azure.