Penetration Tester
4 months ago
Derby, United Kingdom
Expleo
Full time
Responsibilities
Conduct comprehensive penetration testing on client systems, networks, applications, and devices to identify security vulnerabilities. Develop and execute detailed testing plans and methodologies for various environments, including Cloud, OT, Application, IT, and IoT. Produce detailed reports that clearly communicate vulnerabilities, their potential impacts, and recommended remediation strategies. Collaborate with client teams to explain findings, support remediation efforts, and provide post-testing debriefs. Stay up-to-date with emerging cybersecurity threats, vulnerabilities, and mitigation techniques. Assist in the development and refinement of security policies and procedures based on testing results. Provide training and guidance to clients on best practices for securing their environments. Contribute to the continuous improvement of Expleo’s penetration testing methodologies and tools. Ensure that penetration testing activities comply with internal and client-specific quality assurance standards. Support the sales process by providing technical expertise and insights during client engagements. Manage the configuration and maintenance of penetration testing tools and environments. Track and report on project progress, ensuring timely delivery of testing activities and documentation.
Qualifications
Relevant education or industry-recognised certifications in management-related subjects suited to this role (MSc, BSc, CREST, OFFSEC, GIAC, EC-Council, CompTIA)
Essential skills
Deep understanding of network architecture and protocols. Deep understanding of operating systems. Good understanding of API vulnerabilities. Demonstrable knowledge of web application penetration testing under OWASP or an equivalent framework. Good knowledge of at least one scripting language, such as Python, Bash, or PowerShell. Proficient in penetration testing tools and techniques. Excellent analytical and problem-solving skills. Strong written and verbal communication skills, with the ability to explain complex technical issues to non-technical stakeholders. Ability to work independently and as part of a team in a fast-paced environment. Strong organisational and time management skills.
Desired skills
Knowledge of OT and IoT security practices and standards. Experience in conducting red team exercises.
Experience
Minimum of 5 years of experience in penetration testing or a related cybersecurity role. Proven experience working as a Pen Tester in an IT consultancy role or blue-chip environment. Hands-on experience with penetration testing and vulnerability detection tools, such as Burp Suite, Nmap, Wireshark, Metasploit, and Nessus. Proven track record of identifying and exploiting security vulnerabilities in diverse environments. Experience with Cloud security assessments (AWS, Azure, GCP). Familiarity with secure coding practices and application security testing.
What do I need before I apply
Have the right to work in the UK. Hold, or be eligible to achieve, SC clearance at a minimum.
Benefits
Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges. We empower all passionate technology-loving professionals by allowing them to expand their skills and take part in inspiring projects. Expleo Academy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses. Competitive company benefits. Always working as one team, our people are not afraid to think big and challenge the status quo.