Penetration Tester Vacancy
We are actively recruiting for a CREST CRT or OSCP qualified penetration tester to join our UK or Gibraltar based team. This role is for a penetration tester capable of testing web applications, mobile applications, infrastructure and be able to perform phishing testing.
Starting salary of £35,000 rising to £70,000 with boosters
Subsidized conference attendance
Structured planned training
25 days holiday
Subsidized personal projects, research and lab time
Delivering a range of assessment types including Web Application, API, Mobile and Infrastructure tests.
Leading Cyber Essentials and Plus projects for clients.
Producing high quality reports to clients that highlight areas of identified weaknesses.
Providing advice to clients on remediation routes.
Delivering all projects to the very high standards our clients expect.
Work with other members of the team to share knowledge and experience, and to find creative ways of solving technical issues.
Attending project kickoff calls and meetings to complete the scope for upcoming projects.
Assist the sales team in developing competitive proposals that win business.
Provide outstanding client support.
Absolutely must be CREST CRT or OSCP and CPSA qualified
CISSP is desirable
The ability to work towards client-led or internal deadlines.
Highly organised approach with an attention to detail.
Understanding of the OWASP Top 10 and how these vulnerabilities can be exploited.
Must be eligible to work in the UK and/or Gibraltar
Must be able to travel and be happy spending 40% of working time away from home
Excellent English skills and the ability to write perfect test reports
Able to mentor and support junior members of the team
Have a desire and drive to actively engage in research and publication
A creative approach to performing thorough proven-method tests.
Excellent verbal and written communication skills, and the ability to write strong technical reports.
An articulate and confident presentation style.
The ability to explain how exploits were successful, and how a client could remediate the vulnerabilities raised during an assessment.
Highly professional and dependable.
Knowledge of hardware and embedded system security.
Red teaming experience.
Ability to carry out cloud security assessments on AWS, Google Cloud or Azure.