Penetration Tester

The individual will be responsible for carrying out security testing of Callcredit applications (including externally facing web applications) and infrastructure. They will be responsible for identifying any security weaknesses within these systems, assessing the risks, and suggesting appropriate remediation activities.

KEY RESPONSIBILITIES

• Identification of security weaknesses & risks in all systems tested
• Producing clear and comprehensive reports
• Accurate record keeping and tracking of identified vulnerabilities
• Timeliness of Management Information

KEY TASKS

• Carrying out regular security assessments of different Callcredit systems, using both automated tools as well as manual testing.
• Assisting development teams in carrying out static code analysis.
• Liaising across the organisation in order to identify and prioritise the systems to test.
• Producing clear written reports of any findings, including explaining these in terms of risks to the business, to relevant stakeholders.
• Producing recommendations for how to fix any vulnerabilities found.

Essential Qualifications:

Penetration testing qualification or certification, such as CHECK, CREST, CEH, or OSCP

Desirable Qualifications:

Master Degree in Information Security.

Essential Skills: 

• Strong understanding of security issues relating to web applications, such as cross-site scripting (XSS), cross-site request forgery (CSRF), SQL and code injection, session management, and authentication methods and issues.

A good working knowledge of, and understanding of security issues relating to:

- Web Servers (in particular IIS)

- Application Servers (in particular using .NET technologies)

- Database systems (in particular SQL Server)

- Firewalls (in particular Cisco ASA & Checkpoint)

- Load balancers

- Routers & switches

• Ability to quickly grasp high-level technical concepts
• Ability to use initiative and take control
• Excellent communication and interpersonal skills
• Forward thinking with strong problem solving skills
• Ability to work independently. 

Desirable:
Knowledge of UK laws relating to security testing, such as the Computer Misuse Act.

Essential Experience:

Relevant experience within a large organisation performing controlled security testing on Applications and Infrastructure.

Desirable Experience:

Experience of working within a large organisation to perform security testing.

• Health and accident insurance
• Training and development programs
• Carrier opportunities
• Company’s event and access to VIP lounge at Zalgirio arena
• Social responsibility events and initiatives
• Paid days for volunteering
• Nice office, free parking in central area
• Work from home opportunity
• Ergonomic office space