Security Testing Consultant

Location – Edinburgh or Bristol (Hybrid)

In this position, you’ll be based in either the Edinburgh or Bristol office for a minimum of three days a week, with the flexibility to work from home for some of your working week.  Find out more about our flexible work culture at computershare.com/flex.

We give you a world of potential 

We have an exciting opportunity for someone to join the Global Security Testing Team within Global Information Security (GIS) as a Security Testing Consultant. 

The Global Information Security (GIS) team is responsible for driving the development, deployment and management of information and cyber security across the Computershare businesses, globally. 

Through partnerships with the business units, Technology Services and other support functions, the Global Information Security team actively support the business objectives whilst reducing the overall composite risk to Computershare.

Sound of interest? Read on for specifics about what the role entails and the type of skillsets we are looking for! 

A role you will love

The Security Testing Consultants are responsible for execution of penetration testing and red team services under the direction of the team manager and senior consultants.

As technical specialists in the field, the consultants act as a point of technical escalation for all queries relating to offensive and the application of security testing techniques to assess the effectiveness and design of security controls. As well as actively penetration testing the Consultants are responsible for assessing and proposing improvements to tooling, updating processes and methodologies, and working with senior consultants and the team manager to design and trial new techniques, as part of the teams continuous improvement process.

Some other key responsibilities will include:

• Mentoring junior consultants suggesting opportunities for career growth.
• Review and edit testing standards and testing processes, assessing and proposing improvements.
• Perform full stack pen testing in house of a variety of components from cloud systems to on prem infrastructure, web apps, apis, databases and networks.
• Advise testing analysts on scope and quality of routine testing being performed by testing partners.
• Produce reporting on completed tests in a timely manner and to agreed standards.
• Review scoping documents and reports produced by both internal and external resource and participating in feedback when required.
  
   

What will you bring to the role?

The position holder will showcase significant experience participating in the scoping and delivery of penetration tests over and above standard scanning. With proven experience delivering comprehensive penetration tests of Web apps, API, databases, servers (both Unix and Windows), and Network segregation testing / firewalling.

You will have comprehensive understanding of testing methodologies and attack vectors in use across multiple technology stacks and proven experience in performing exploits to gain a foothold. Along with the understanding of cloud technologies, experience of performing penetration tests against these kinds of solutions.

Some other key skills that you’ll have:

• Extensive experience in the execution of penetration tests over a wide range of technology stacks, both in the cloud and on prem.
• Demonstrated experience in the execution of purple team testing alongside a blue team, and involvement in red team work.
• Excellent written and verbal communication skills. 
• Highly organised approach with an attention to detail.
• Experience working with technical specialists from outsourced partners and suppliers.
• Multiple security qualifications such as CRT, EJPT, OSCP, GPEN, CEH, CompTIA Security+/ Pentest+ or equivalent.
• Hold or willing to work towards gaining further qualifications in offensive security, or wider information security qualifications such as CISSP and CPSA.