Penetration Tester / Ethical Hacker

If you are looking for a permanent role as a pen tester, we are looking for a Penetration Tester to join our internal team.

Within the internal testing team, you will deliver a range of security assurance services such as web application penetration tests, network, and infrastructure penetration tests. You will be exposed to cutting edge Cloud technologies. You may also undertake social engineering engagements and physical security assessments and secure code reviews.

Your findings will be logged in our centralised vulnerability management system and feed into our ongoing vulnerability management process. This will have a significant impact and will create change across the business.

You will work alongside IT and development project teams to ensure that all our services – both to our customers and to our staff – are delivered in a secure manner. This will range from production systems, to projects in development cycles and could also include AI and LLM solutions. You will question information that others would take on face value and remain inquisitive to improve the quality of security tests carried out against our infrastructure and applications.

We provide a generous training budget. Members of the team have chosen to undertake numerous training courses and further certifications including SANS and CREST. We expect you to keep up to date on current security trends, techniques, and tools. We love gamifying security training, and staff are encouraged to take part in CTFs. You will also be encouraged to attend conferences, seminars, and industry briefings.

Responsibilities 

An Internal Penetration Tester will:

• Carry out detailed application, infrastructure, cloud and AI/LLM penetration test assignments either alone or in a small team.
• Produce high quality written findings.
• Work collaboratively with the wider Cyber Risk and Resilience teams. 
• Assist with post incident reviews when required.

Essential Experience/Skills

• Vulnerability writing skills.
• Familiarity with ‘standard’ penetration testing tools.

Highly desirable skills 

• Experience in penetration testing of Applications and Infrastructure
• Familiarity with at least one cloud platform such as Microsoft Azure, Amazon AWS or Google GCP.
• Familiarity with testing AI and LLM solutions.
• Understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
• Programming or scripting skills in at least one modern computer language.
• Experience with BurpSuite, Kali and similar common manual penetration testing tools.