Penetration Tester

2 weeks ago


Horsham, United Kingdom RSA Full time

The Penetration Tester reports to the Attack Surface Manager within the CISO (Chief Information Security Officer) function.
The role will be responsible for running RSA’s penetration testing capabilities, including delivering penetration testing engagements internally and managing external penetration testing suppliers.

The role will require good interpersonal skills to forge relationships with the Development, Delivery and Change communities to ensure that security testing can be consumed by projects delivering new systems and solutions. The BAU security testing schedule (penetration testing, vulnerability assessment and vulnerability management) will form a large part of the role, ensuring our testing approach for existing systems is in step with emerging cyber security threats and RSA’s risk appetite.

This role will require a blend of skills, both technical and interpersonal, to ensure RSA’s testing requirements are met.
As part of the Cyber Defence team within RSA you will also need to assist with managing zero-day threats and security incidents and represent the team in design, architectural and project delivery forums.

Ideal experience required is 2-3 years; however, we will consider someone who is new to the field and has an interest in developing.

**Responsibilities**
- Maintaining RSA’s security testing capability.
- Providing a consumable security testing service to the technical and business communities, through both management of third parties and delivery internally.
- Maintaining and championing the security testing elements of the SDLC.
- Deliver a security testing programme covering penetration testing, red and purple teaming to RSA UK each year.
- Track the progress of remediation and act as the customer for projects delivering remediation activity.
- Review emerging cyber threats and industry trends to ensure that RSA’s security testing capability remains effective and relevant.

**Role Requirements**
- Excellent knowledge of penetration testing approaches and techniques
- Excellent knowledge of red teaming approaches and techniques
- Experience in managing third party suppliers
- Ability to communicate technical risk information in business terms and contexts
- Relevant technical security qualifications or experience, for example OSCP, SANS, CREST.

**About Us**:

- A welcoming, diverse and inclusive culture is an important element for RSA in our best-in-class ambition. RSA thrives when everyone feels comfortable bringing their best self to work. We have a diverse mix of customers and we want our employee base to reflect that. We celebrate difference, whilst striving to create an environment where colleagues feel respected and valued for their unique potential.
- Our commitment to diversity is sincere, continually growing and led right from the top.

**Our Values**

**Integrity -** Be honest, open and fair. Set high standards. Stand up for what is right.

**Respect -** Be kind. See diversity as a strength. Be inclusive and collaborate.

**Customer Driven -** Listen to our customers. Make it easy, find solutions. Deliver second-to-none experiences.

**Excellence -** Act with discipline and drive to outperform. Embrace change, improve every day. Celebrate success yet remain humble.

**Generosity -** Help others. Protect the environment. Make our communities more resilient.

Job Reference: UK.08929