Penetration Testing Engineer

At Virgin Media O2, our mission is to ensure the security, resilience, and reliability of our platforms. As part of our team, you’ll be at the forefront of tackling complex security challenges, constantly innovating and pushing boundaries to deliver impactful solutions at scale.

Our Senior Penetration Testing Engineers are recognized experts in their field, shaping the future of engineering and application security at Virgin Media O2. You will have the opportunity to influence strategic decisions, refine security practices, and contribute to the development of stronger, more secure software across the business.

In this role, you will lead detailed manual assessments of digital products, services, and software, identifying vulnerabilities that automated tools or static analysis may miss. You’ll also be responsible for developing custom tools to enhance our security capabilities. With Virgin Media O2’s vast and diverse digital landscape, your expertise will be critical in improving automation across the enterprise and proactively protecting customer security.

Key responsibilities & accountabilities

·        

• Perform agile manual penetration of web and mobile applications, cloud services and software created in-house through an agile approach: 

1. iterative, dynamic process to feed test objects into the pen testing scope, and 

2. iterative and dynamic process to present pen testing results, and 

3. align to CI/CD cycles, including security automation tools (SAST, DAST, SCA, etc.)  

·        

Effectively communicate comprehensive findings, as well as providing security guidance to application and product owners to remediate security vulnerabilities, and mentor developers and junior security engineers 

·        

Perform threat modelling and code reviews to assess the security implications of patches, new features, systems, and technologies. 

·        

Write proof of concept code to demonstrate the severity of a potential security issue 

·        

Provide clear communication on issues to developers that suggest and help to test the fix, as well as providing actionable long term risk mitigation guidance 

·        

Partner with product owners and software engineering teams to drive improvement in application security as a result of security review engagements 

·        

Conduct independent vulnerability research pertaining to Virgin Media O2 technology stack  

·        

Perform threat modelling and code reviews to assess the security implications of patches, new features, systems, and technologies. 

·        

Identify novel attacks and security weaknesses across the Virgin Media O2 digital environment; automate the discovery using state-of-the-art control-flow and data-flow analysis techniques, methods, and tools. 

Essential skills, knowledge, or experience

(Inc. professional or technical qualifications)

·        

Degree in computer science, security, or equivalent experience

·        

Demonstrable understanding of penetration testing, red teaming, and relevant certifications (e.g., NCSC, CREST, Ethical Hacking, SANS)

·        

Proven experience in web/mobile application security testing, cloud technology security, vulnerability assessments, and red teaming

·        

Strong experience in manual code auditing, scripting, and programming (e.g., Perl, Python, Ruby, bash, C/C++, C#, Java) to identify security issues

·        

Solid knowledge of security engineering practices, including web application security, network security, cryptography, and automation

·        

Proven ability to use, administer, and troubleshoot Linux or Ubuntu, along with experience using security tools (e.g., Nessus, Metasploit, Burp Suite Pro) and frameworks (OWASP, CWE, Mitre ATT&CK)

·        

Detail-oriented with strong problem-solving skills