Penetration Tester

ROLE DESCRIPTION

You will be a member of a strong community of internal penetration testers, with exposure to all parts of the firm and its most critical systems. The role involves penetration testing of a wide variety of applications, including web applications, infrastructure and cloud. You will have access to source code for most of the tested systems, enabling quick verification of your hypotheses.

In this role, you will join one of the most progressive Technology Risk teams in the industry which continues to push the development of risk in preference to security within technology and the business. You will collaborate with technology teams on both in house projects and external cloud adoptions to deliver secure products and solutions.

HOW YOU WILL FULFILL YOUR POTENTIAL

• Perform penetration tests and find impactful vulnerabilities in a wide variety of web applications, cloud-based systems, and infrastructure platforms (e.g. banking websites, payment applications, authentication systems, core internal frameworks, critical infrastructure)

• Work with teams to recommend ways of addressing vulnerabilities and propose systematic improvements.

• Grow and share your knowledge with the community of internal pentesters.

SKILLS AND EXPERIENCE WE ARE LOOKING FOR

• Experience in penetration testing across the mentioned areas.

• Strong understanding of web security topics, ability to build exploit chains and articulate impact of individual findings.

• Experience in analysing complex infrastructural systems by code review, server and cloud configuration analysis, reverse engineering and fuzzing.

• Working knowledge of common security tools (Burp Suite, Wireshark, Ghidra, netcat)

• Familiarity with one or more languages (Java, Javascript, Python, C++, C#)

• Well versed with TCP/IP stack and network protocols

• High level knowledge of cryptography concepts

PREFFERED QUALIFICATIONS

• Experience in adopting or crafting custom proof of concept exploits

• Knowledge of common cloud products and solutions

• Bachelor of Science in Computer Science, Cyber-Security, or Information Security is preferred

• Experience or trainings in related disciplines e.g. computer security, network security, network device management, IT administration, cloud security, infrastructure pentesting is preferred

• Certificates (of equivalent knowledge) like OSCP, OSEP, OSWP