Penetration Tester

2 months ago


Knutsford, United Kingdom Ampstek Full time

Job Title: Penetration Tester

Location: Radbroke, UK

Contract Duration: 6+ Months

Mode: Hybrid


KEY CRITERIA FOR THIS POSITION:


The ideal candidate has an extensive, in-depth understanding of the secure software development life cycle in a continuous integration and deployment environment. Key project deliverables include:

  • Assessing and scoping application security needs
  • Identifying technology and control risks
  • Recommending improvements in procedures, processes, operations, and systems
  • Conducting Web/API/Mobile/Thick client/Network penetration testing.
  • Assisting with reporting methodology enhancements
  • Assessing information risk and facilitating remediation of identified vulnerabilities for IT security and IT risk across the enterprise.
  • Identifying opportunities to reduce risk and documenting remediation options regarding acceptance or mitigation of risk scenarios.
  • Researching, analyzing and identifying potential vulnerabilities and security deficiencies in the company’s information systems.


Experience:


  • Candidate should have 2 to 4+ years of overall experience in penetration testing.
  • Certification: Desirable industry security certifications such as CEH, eWAPT, ECSA, OSCP, GWAPT, eWPTX. Knowledge of information security fundamentals, best practices, and industry standards with responsibilities of protecting information assets.
  • Hands-on experience with penetration testing tools such as Burp Suite, Nessus, Kali Linux, Postman, Fiddler, SoapUI, HCL AppScan, sqlmap, MobSF, Apktool, etc.

KNOWLEDGE AND SPECIAL ABILITIES REQUIRED:


Required Technical Expertise:


  • Proficiency in conducting Web Application VAPT (Black/Gray/White box) activities to identify and mitigate security vulnerabilities as per OWASP Top 10.
  • Proficiency in conducting API (REST, SOAP, XML, JSON) security testing activities to identify and mitigate security vulnerabilities.
  • Proficiency in conducting mobile (iOS/Android) security testing (SAST/DAST) activities to identify and mitigate security vulnerabilities.
  • Proficiency in conducting thick client security testing activities to identify and mitigate security vulnerabilities.
  • Understanding of Cloud Security & Container security.
  • Proficiency in conducting external and internal network penetration testing.


Soft skills/personality fit:


  • Ability to work independently with minimal supervision.
  • Willingness to make decisions and accept accountability for decisions.
  • Must be willing to learn BMO processes and policies.
  • Excellent communication/speaking skills.
  • Presentation skills and public speaking skills – in-person, telephone, web.