- Carrying out regular security assessments of different Callcredit systems.
- Liaising with Callcredit staff, including Group Security and the Project Management Office, in order to identify and prioritise the systems to test.
- Producing clear written reports of any findings, including explaining these in terms of risks to the business, to relevant stakeholders.
- Producing recommendations for how to fix any vulnerabilities found.
- Keeping accurate records of any findings, and tracking security risks from the initial finding until they’re fixed or accepted.
- Proven web application & infrastructure testing experience, including an understanding of different approaches to security testing.
- Strong programming / scripting skills
- Experience of using automated vulnerability assessment tools and of interpreting their output.
- Proven experience of carrying out code reviews (.NET especially) for identifying security weaknesses, both in the static code and the business
- Strong understanding of security issues relating to web applications, such as cross-site scripting (XSS), cross-site request forgery (CSRF), SQL
- Understanding of security issues relating to: IIS, .NET technologies, SQL Server, Cisco ASA & Check Point, load balancers, routers & switches
- Degree in an Information Technology related discipline
- Knowledge of the ISO27001 and PCI-DSS standards.
- Penetration testing qualification or certification, such as CHECK, CREST, CEH, or OSCP.
Callcredit Information Group offers a competitive package and a modern, friendly and dynamic team environment in which to work and develop your