Penetration Test Lead - Bristol, United Kingdom - Expleo

    Permanent
    Description

    Responsibilities

  • Stakeholder management – engaging with internal Expleo stakeholders, customers, and prospective clients – often taking solo projects to completion.
  • Listening and liaising with clients to understand their requirements to contribute to scoping of new business
  • Able to conduct authorised penetration testing of public sector and critical national infrastructure systems and networks, identifying vulnerabilities, and providing recommendations for security enhancements
  • Perform penetration tests and security assessments for infrastructure, following NCSC-recognised methods
  • Conducting web application and infrastructure penetration tests and other opportunities as the service matures
  • Excellent report writing and communication skills, capable of explaining technical details to non-technical stakeholders.
  • Self-Development – Up-skilling and learning new skills – a growth mindset
  • Travelling between Expleo and customer sites throughout the UK as required
  • Research and development work as and when required, to continue to advance core knowledge in areas
  • Identifying new ways of working, such as methodologies, tools and processes used by the team
  • Conducting research on education-specific environments and technologies
  • Identifying new opportunities.

    Qualifications

  • At least one of the following CREST examinations: CREST Certified Infrastructure Tester (CCT Inf) for CHECK Team Leaders in Infrastructure, CREST Certified Web Application Tester (CCT App) for CHECK Team Leaders in Web Applications, or CREST Registered Penetration Tester (CRT) for CHECK Team Members.
  • Current SC clearance at a minimum, or eligibility to achieve it.

    Essential Skills

  • Security testing experience (red teaming, cloud security, application security, or network security)
  • You have experience with OT/ICS Cyber Security. (Nice to have)
  • Experience with threat modelling concepts and frameworks (CVSS, MITRE ATT&CK, DREAD, or STRIDE)
  • Experience with NCSC-recognised penetration testing methods.
  • Familiarity with legal and regulatory requirements related to penetration testing and cybersecurity.
  • Experience in penetration testing and/or application security engineering is a must.
  • Technical knowledge of cloud hosting and penetration testing techniques of cloud-based applications. Familiarity with AWS is desirable.
  • Familiarity with penetration testing tools such as Burp Suite, Nessus, OWASP ZAP, SoapUI etc.
  • Extensive knowledge and experience in securing and developing web applications, APIs/web services and mobile apps.
  • Strong knowledge of Web, API and mobile application security testing frameworks and methodologies.
  • Identify and exploit vulnerabilities in systems, networks, and applications.
  • Strong knowledge of application security best practices including OWASP Top 10
  • Technical knowledge in software engineering, system and network security, authentication and security protocols, cryptography, and network/web related protocols (e.g., TCP, UDP, HTTP, HTTPS)
  • Experience with static analysis, security code review, security automation and security training is desirable. Scripting and development experience is highly desirable.
  • Penetration testing experience with IoT devices, mobile applications, or code review.
  • Development experience with common scripting/programming languages such as Python, Golang, and C#. (Nice to have)

    Benefits

  • Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges
  • We empower all passionate technology loving professionals by allowing them to expand their skills and take part in inspiring projects
  • Expleo Academy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses
  • Competitive company benefits such as medical and dental insurance, pension, life assurance, employee wellbeing programme, sports and social events, birthday hampers and much more
  • Always working as one team, our people are not afraid to think big and challenge the status quo
  • As a Disability Confident Committed Employer we have committed to: ensuring our recruitment process is inclusive and accessible; communicating and promoting vacancies; offering an interview to disabled people who meet the minimum criteria for the job; anticipating and providing reasonable adjustments as required; supporting any existing employee who acquires a disability or long term health condition, enabling them to stay in work; and at least one activity that will make a difference for disabled people
  • "We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age".

    We treat everyone fairly and equitably across the organisation, including providing any additional support and adjustments needed for everyone to thrive