Senior Security Penetration Tester

What you’ll be doing

as a Senior Security Penetration Tester Help support and develop an internal penetration testing function.
Conduct network, application penetration testing, code and security reviews.
Identify and exploit vulnerabilities through proof-of-concept testing.
Support vulnerability management across the enterprise, ensuring that a framework for identification, categorisation and mitigation exists and is implemented and maintained.
Responsible for supporting the creation of the operating model for vulnerability management, which is shared, agreed and operates effectively across the business.
Develop and maintain penetration testing documentation, policies, and procedures.
Integrate cybersecurity solutions (e.g. vulnerability scanning tools) with existing systems, applications, and infrastructure.
Evaluate and recommend technologies, tools, and vendors to meet business needs.
Investigate newly identified cybersecurity vulnerabilities and provide appropriate mitigation actions.
Liaise and coordinate with technology and business stakeholders in relation to cybersecurity patching and vulnerability management issues/actions.
Maintain a cyber threat assessment methodology, align with evolving industry standards and integrate into BAU and project-based business processes.
Support with proactive threat hunting for new and emerging cyber threats.
Develop and maintain dashboards with cybersecurity threat and vulnerability metrics.
Support compliance with relevant industry standards, regulations, and best practices, such as GDPR, NIS and ISO 27001.

Base location – Hybrid – Clearwater Court, Reading.

Working pattern – 36 hours, Monday to Friday.

What you should bring to the role

Exposure to remediating vulnerabilities and patch management in a complex business environment.
Experience in remediating cyber risks in the ever-changing digital estate.
3 years of experience in a penetration testing enterprise environment.
Prepare detailed reports and have the ability to present findings to key stakeholders.
Cyber security industry certification(s) such as CSTM/ CRT/ OSCP/CTL.
Understanding of different patching management techniques and approaches for different technology stacks (e.g. SaaS, IaaS, End-User Computing, Server Estate, etc.).
Knowledge of TVM concepts, technologies, and best practices, including OSINT tools, vulnerability assessment, threat modelling, etc.

What’s in it for you?

Annual Leave- 26 days holiday per year increasing to 30 with the length of service (plus bank holidays).
Generous Pension Scheme through AON.
Access to lots of benefits to help you take care of you and your family’s health and wellbeing, and your finances – from annual health MOTs and access to physiotherapy and counselling to Cycle to Work schemes, shopping vouchers and life assurance.