Penetration Testing Engineer
Recruitment Agency Reference: 7110440
A position has arisen to join a leading telecommunications company as a Penetration Testing Engineer.
IR35 Status: Inside
Location: Reading – occasional site visit to Reading
Duration: 3 months initially
Duties will include:
- Perform agile manual penetration testing of web and mobile applications, cloud services and software created in-house through an agile approach
- Communicate comprehensive findings, provide security guidance to application and product owners to remediate security vulnerabilities, and mentor developers and junior security engineers
- Perform threat modelling and code reviews to assess the security implications of patches, new features, systems, and technologies
- Write proof of concept code to demonstrate the severity of a potential security issue
- Communicate issues clearly to developers, suggest and help to test the fix, and provide actionable long-term risk mitigation guidance
- Conduct independent vulnerability research pertaining to the technology stack
- Identify novel attacks and security weaknesses across the digital environment; automate the discovery using state-of-the-art control-flow and data-flow analysis techniques, methods, and tools
Specific Knowledge & Experience:
- Clear and demonstrable understanding of penetration testing and red teaming including NCSC and CREST accredited schemes, Ethical Hacking or SANS certifications
- Experienced in successfully delivering web/mobile application security-testing, cloud testing, cloud technology security testing (compute, storage, functions, K8s, KMS, IAM, etc.), database, and web server design and implementation, cloud vulnerability assessments, web application security testing, network penetration testing, or red teaming
- Experience with manually auditing source code or scripting and editing existing code and programming (using one or more of the following: Perl, Python, Ruby, bash, C/C++, C#, or Java) to find security issues
- Experience with security engineering practices such as in web application security, network security, authentication and authorisation protocols, cryptography, automation, and other software security disciplines
- Experience with using, administering, and troubleshooting Linux or Ubuntu, as well as experience with security assessment tools (Nessus, Metasploit, Burp Suite Pro, etc.) and open security testing standards and projects (OWASP, CWE and MITRE ATT&CK)
To apply for this role, please contact Renay Demoore on the Reading Recruitment team on 0118 207 1212 or rdemoore@venngroup.com
Venn Group is an equal opportunities employment business and employment agency and welcomes applications from all candidates.