This is an opportunity to join a giant in the mobile applications world as an Application Security Penetration Tester. If you have a passion for securing applications, an in-depth understanding of application security, and the ability to identify and resolve vulnerabilities, this role is for you. You will play a key role in securing applications and shaping the future of their security posture by performing rigorous security assessments. Responsibilities: In this role, you'll lead the security testing of their cloud-native, microservices-based architecture with a focus on web and mobile applications as well as cloud security testing. Key responsibilities include: Conducting comprehensive penetration testing and security assessments of web and mobile applications. Performing static (SAST), dynamic (DAST), and composition analysis (SCA) of source code. Engaging in threat modeling and threat actor simulations to test and enhance security controls. Collaborating with global development teams to ensure continuous improvement of the security posture. Key Tasks: Perform in-depth security testing of development operations, iOS, and Android mobile applications. Carry out source code reviews to identify and mitigate security vulnerabilities. Execute detailed penetration tests and security assessments, documenting findings and recommendations. Automate security testing within CI/CD pipelines and implement secure coding practices. Conduct offensive security operations, including red team exercises to simulate real-world attack scenarios. Collaborate with DevOps teams to ensure security is integrated into every stage of the development lifecycle. Qualifications: Bachelor's degree in Computer Science, Software Engineering, or equivalent experience. Professional certifications such as GWAPT, OSCP, or CEH. 3-5 years of experience in application security testing, source code reviews, and DevOps security. Proficient in programming languages and secure coding practices.
Strong analytical skills and attention to detail. Tools & Technologies: Experience with tools such as Burp Suite Pro, Checkmarx, Corellium, Acunetix, Synopsys, VeraCode, AWS/Azure/Oracle Cloud, Postman, SoapUI, HashiCorp Vault, and Plextrac. Benefits: Health Insurance: Comprehensive medical, dental, and vision coverage. Competitive Salary: Attractive salary based on experience. 401(k) Matching: Company contributions to your 401(k) retirement plan. Generous PTO: Vacation, sick leave, and holidays. Professional Development: Access to training, workshops, and certifications. Tuition Reimbursement: Financial support for further education. Inclusive Environment: A diverse, supportive workplace with team-building activities and social events. I look forward to receiving your applications and discussing it further!
Dec 03, 2024
Full time
We are seeking an experienced Sales Manager to join the sales team of one of the UK's leading manufacturers of test and measurement equipment. This is an exciting opportunity to work with cutting-edge products, including oscilloscopes, power analyzers, DAQs, multimeters, calibrators, thermometers, optical test equipment, and Ethernet testers. These solutions are highly sought after in key industries such as aerospace, automotive, and energy. The role will require a strong technical background, a proven ability to manage client relationships, and experience in field sales. The successful candidate will play a critical role in maintaining and expanding the company's presence in the transportation sector, building strong customer relationships, and delivering measurable business growth. Sales Manager - Key Responsibilities Reporting to the UK Sales Manager, your responsibilities will include: Developing and executing an annual sales plan for the North of England territory. Building and maintaining strong relationships with new and existing customers. Conducting client meetings, product demonstrations, and participating in industry exhibitions. Driving market penetration and achieving sales targets by providing technical and commercial expertise. Sales Manager - Essential Requirements: Full UK driving license. Proficient computer skills, including MS Word, Excel, and Outlook. Strong interpersonal, communication, and customer service skills. Sales Manager - Preferred Background: Candidates must meet at least two of the following criteria: Proven track record in field sales Strong technical understanding of test and measurement equipment, ideally with a degree in Electrical or Mechanical Engineering Experience within the automotive or broader transportation sector Apply today: If you are ready to take the next step in your career with a pioneering organisation, please submit your application online.
One of our specialist consultants will reach out to discuss the role in more detail.
Nov 29, 2024
Full time
Join the Rebel Alliance: Penetration Tester Needed to Outsmart the Dark Side! (UK) Role: Penetration Tester Location: London (UK) Eligibility: UK work permit required Remote work: hybrid Are you passionate about offensive security and hacking? So are we! Are you looking forward to working with like-minded people, part of a young and dynamic team? We are here, waiting for you! SECFORCE is looking for a penetration tester to join our team in London. Who are we? SECFORCE is a dynamic penetration testing company, with presence in London, Malta, and other regions of Europe. We are a young team that promotes a fun working environment. We enjoy hacking and are passionate about security testing. However, we also work hard and believe we are one of the very best testing companies in the world. For example, we are the youngest CBEST accredited company. What we need from you: We are looking for a techie passionate about offensive security who wants to grow their skills. Your primary function will be to deliver penetration testing assessments. Required Skills: Familiarity with infrastructure and web application vulnerabilities Ability to write deliverables to a high standard (in English) Ability to communicate technical findings to both board-level executives and technical teams Mindset of being up-to-date with the latest attack trends Nice to have: Knowledge or experience delivering cloud security assessments Knowledge or experience delivering iOS mobile application security assessments Certifications (e.g. OSCP) What we offer: A key role in delivering security testing services to some of the biggest names in the industry A work environment with an emphasis on knowledge sharing Up to 20% of your time can be spent on research/conferences/skill development Hybrid working policy (3 days a week working from home and 2 from the office) Relaxed working environment (no dress code, you can choose the music based on your test) Frequent team events and trips Great! What's next? 
If you are passionate about offensive security, please get in touch! One piece of advice: Please don't send us the typical cover letter. We are dynamic and fun. Send us just a paragraph describing why you are passionate and motivated about security testing, what type of projects you have been involved in, what excites you, and what your aspirations are.
Nov 28, 2024
Full time
I am currently recruiting for a leading Data Centre provider who specialise in offering solutions that are adaptable to cloud, hyper-scale and secure IT environments. Senior DevOps Engineer 60,000 - 80,000 per annum Fully Remote Must be eligible for SC Clearance Key Responsibilities Operate and maintain AWS-based cloud services Manage and automate VMWare's vSphere infrastructure and automation Manage and deploy virtual machines Understand networking configurations in relation to VPNs, VPCs, and AWS services Assist in designing, implementing, and maintaining our DevOps infrastructure, tools, and processes Adhere to ISO 27001 standards Conform to best practices in network configuration and cybersecurity, collaborating with penetration testers to address and rectify any identified vulnerabilities Develop and maintain automation scripts for deployment, testing, and infrastructure management Integrate with GitHub, GitHub Actions, TeamCity and CI/CD pipelines Manage configuration and deployments of software solutions Develop hot and cold backup and restore strategies Develop implementation and backout strategies Develop operational monitoring strategies Ensure the availability, reliability, and scalability across the solution Work collaboratively with developers to ensure a smooth software development lifecycle. Interface with teams including Development team, Operations, Security, Product Management, and Infrastructure to ensure seamless integration of DevOps practices and processes throughout the organisation Develop and maintain documentation of all strategies, processes and procedures
Nov 28, 2024
Full time
At Vertical Structure (an Instil Company), we specialise in providing human-focused security and penetration testing services for web applications, cloud infrastructure and mobile applications. The Role We are looking for a Mid / Senior Penetration Tester to join our dynamic team. As a Pen Tester, you will be part of the delivery team, conducting penetration tests and vulnerability assessments across a range of technologies and a wide range of customers including software, fintech, manufacturing, engineering, legal, and public sector. Your insights will be crucial in identifying security weaknesses and helping clients fortify their systems. We offer varied, challenging work in a supportive environment where you will find yourself constantly evolving and learning, whilst studying towards CREST (CPSA/CRT/CCT) or Cyber Scheme (CSTM/CSTL) certifications. If this sounds like you, we'd love to hear from you. Location Requirements This role is based in Belfast and may require some onsite work with clients. Therefore, candidates should be located in Northern Ireland. Benefits Competitive Salary & Annual Bonus Hybrid Working Flexible Working Hours Summer Working Hours 35 Days Holiday Private Pension (8% Employer, 5% Employee) Private Healthcare Life Assurance Cycle to Work Scheme Day to Day Probe and exploit security vulnerabilities in client's Infrastructure, Web Applications and Mobile Applications using a variety of penetration tests. Write detailed reports outlining vulnerabilities and providing actionable recommendations. Collaborate with clients during kick-off and discovery sessions, providing expert advice. Stay current with the latest security threats, vulnerabilities, and trends. Research offensive security techniques to assess and validate infrastructure and technologies, including cloud-based systems. Automate repetitive tasks by developing scripts to streamline testing processes. 
Mentor junior penetration testers and contribute to their professional development. Play a key role in enhancing existing tools, methodologies, and reports. Support pre-sales efforts by acting as a penetration testing subject-matter expert. Communicate security vulnerabilities to both technical and non-technical stakeholders. Need to Have At least 2+ years of experience in penetration testing. Demonstrable skills in the Penetration Testing/Ethical Hacking field. In-depth knowledge of various web technologies, operating systems, particularly Linux, Windows, and Active Directory. Knowledge of scripting languages e.g. Python. Strong experience with web application and network pen testing methodologies. Proficiency in using penetration testing tools such as BurpSuite Pro, Nmap, and Nessus. Familiarity with Kali Linux and the associated penetration testing tool suite. Experience in penetration testing simulations like Hack the Box or Capture the Flag. Excellent communication and technical report writing skills. Nice to Have Relevant security certifications (e.g. OSCP, CREST, Cyber Scheme). UK SC clearance. Equality Instil is an equal opportunity employer and values diversity at our company. We are committed to equality of opportunity for all staff. Applications from individuals are encouraged regardless of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, and sexual orientation.
Nov 19, 2024
Full time
Senior Security Test Consultant - Penetration Tester - OSCP Salary: Up to £72,000 + Private Health + Excellent Pension + Benefits + Flexi/Home Working + Full Travel Expenses Note: Sorry no sponsorship is available for this role. We are proud to collaborate with a leading Security Tech Company based in London, seeking experienced Senior Security Consultants to join their dedicated Cyber Testing Team
Feb 01, 2024
Full time
Pentest CHECK Team Lead required by our client, a well-established cyber-security firm looking to expand. This is for a permanent role, but some ad-hoc working may also be on offer if that would be more suited to your current lifestyle. This role can be worked from multiple locations, with client sites across the UK. Salary banding is Our client are specifically looking for CHECK Team Leads in either Web Application or Infrastructure. The salary level for the CHECK Team Lead is approximately £60k to £70k. To find out more about the company and the role, please get in touch with Dave a IT Recruitment Solutions today. CTL, CHECK Team Lead, Pentest, Pentesting, Pentester, Penetration Testing
Jan 26, 2024
Full time
We are currently working with a well-established consultancy with big plans for 2024 as they're looking to hire multiple experienced CRT Certified Penetration Testers to support upcoming projects. The company is Crest accredited and you will get the opportunity to work on a wide scope of engagements and with businesses in a variety of industries. Salary: £45,000 - £60,000 per annum Location: Remote + National Client Site Travel Penetration Tester - Responsibilities: Lead/support a variety of penetration testing engagements with a focus on excellent client delivery Manage projects, workload and training effectively Producing informative and detailed reports Involved in scoping calls for testing engagements Stay updated on cybersecurity threats and industry best practices. Penetration Tester - Requirements: Must possess CRT certification 2+ years' experience in a Pen Testing role is necessary Other relevant industry certifications such as OSCP, OSEP, CSTM, CTM Must possess active, or be eligible for, SC Clearance Excellent report writing abilities and a high standard of written English Enthusiasm, dedication and keen interest in professional development This is a great opportunity for an experienced Pen Tester to join an already established offensive security practice - with the chance to work on new, fresh and exciting engagements. If you want to further enhance your skill set, develop professionally and upskill in any particular area of Pen Testing - be sure to apply and reach out. Lawrence Harvey is acting as an Employment Business in regards to this position.
Jan 26, 2024
Full time
Security Architect - TOGAF - CISM - CISSP Security Architect - Remote Essential Job Duties and Responsibilities: Ensure customer security requirements and responses are developed with engineering and business development teams for customer bids Lead security response to customer variation requests and ensure customer understanding of the impact of their request against new and existing security risks. Lead the delivery of design and build/operations and maintenance budget requirements for customer bids and variation requests. Ensures financial requirements for cyber resilience controls and security labour estimates are presented in cost models presented to senior leadership. Lead assurance to ensure security requirements are developed by DevOps, system engineers and other project team staff and are implemented according to cyber resilience engineering policies and customer needs and ensure that these requirements are supportable and clearly documented. Leads all security risk assessment/business impact analysis/audit for new and existing business applications or IT infrastructure and leads advice and guidance on the application and operation of physical, procedural and technical security controls within all engineering and IT solutions. Lead information security assurance within design gateways and service transition/change boards. Champion best practices for application and infrastructure/architecture design principles for the use of existing and new information security technologies across customer systems. Assure appropriate security support processes are delivered by projects to support service transition. Some manual handling may occasionally be required May be required to work on other sites and datacentres Comply with values and adherence to all company policy and procedures. In particular, comply with the code of conduct, quality, security and occupational health, safety and environmental policies and procedures. 
In addition to the duties and responsibilities listed, the job holder is required to perform other duties assigned by their manager from time-to-time, as may be reasonably required of them. Minimum Job Requirements: Qualifications Essential: Degree or equivalent qualifications/experience Certification as an Information Security professional (eg IISP/CISA/CISM/CISSP/CCSP/ISA) Current driving licence Desirable: A university degree in a numerate subject (eg computer science, maths, engineering, natural science) Information privacy/data protection - CIPPE/+ CIPM HMG IA qualifications/CLAS; Crest-registered penetration tester and/or security architect ITIL v3/Prince2 foundation level/TOGAF Security and IT infrastructure/networking vendors' certifications Skills/Experience/Knowledge Essential: Solid exposure of taking a leading role in the establishment and implementation of security architecture, policies and procedures. Experience of secure development life cycles (SDLC) Good understanding of enterprise-scale security management process and infrastructure Exposure to current IT Security standards and regulations such as PCI-DSS, ISO 27001, SOX, DPA Exposure to enterprise IT infrastructure and tools (eg MS Windows Server, Cisco, Oracle Solaris, Linux) Superior network infrastructure and protocol knowledge Desirable: Experience of transactional revenue, Embedded, Smartcards and mobile payment systems Knowledge/experience of security architecture of major public cloud services eg Microsoft Azure, Amazon Web Services, Google Cloud, Cloud Access Service Brokers eg Okta Knowledge of cryptographic services Knowledge of wider security, audit, risk and compliance standards eg PCI-P2PE, PCI-POI-PTS, ISO 27701, ISO27005, ISO31000, NIST, GDPR and governance/risk/compliance tools Requirements analysis and tracing tools such as DOORS and SD Elements; OneTrust privacy tool Understanding of security within DevOps and waterfall project methods, product development Experience of 
application security testing tools and devops frameworks, eg SonarQube, JIRA, static & dynamic code analysis/fuzzing Development tools/environments; Java, Visual Studio, C# In depth understanding of information security control tools, eg Splunk, Crowdstrike, Trend Micro DeepSecurity, Imperva WAF, Tenable.IO/Nessus, TripWire, Cisco IPS, F5, Centrify Experience of quality management systems and external audit standards eg ISO 9001, ISAE3402
Dec 17, 2022
Full time
AppCheck is a cyber security SaaS company based in the UK. We provide a cloud-based vulnerability scanning technology that allows companies to find security vulnerabilities in their web applications and hosted infrastructure, before hackers can find and exploit them (much like an automated penetration tester). We started in 2014 with 4 people, now with 70+ in total, and growing by at least 20 peopl
Nov 30, 2022
Full time
Senior Consultant, Security Testing (United Kingdom) We're hiring! This is an exciting opportunity for candidates with substantial experience in Penetration Testing, looking to take the next step up to further develop their skills and become a subject matter expert in the field. You will be part of a team that provides a challenging and exciting work environment that pairs a healthy combination of autonomy and senior level support, together with a significant investment in your learning and professional development. Our international Security Testing team specializes in application and network infrastructure security, red teaming and source code review, publishes books and security blogs, contributes to open-source software projects, and is engaged in a variety of continuous security research projects. This is an exciting opportunity for someone who enjoys performing deep technical work in a fun and casual atmosphere. In the United Kingdom, our Security Testing services are delivered through our subsidiary Gotham Digital Science Limited which is a member of the UK industry body CREST (the Council of Registered Ethical Security Testers) as well as a member of the UK Government CHECK scheme, allowing us to provide security assurance services to Her Majesty's Government and UK Critical National Infrastructure on systems processing protectively marked information. We are also an accredited CBEST penetration testing provider, allowing us to provide intelligence-led penetration testing as part of the Bank of England CBEST scheme. About the role As a Senior Consultant, you can expect to get involved in: Application penetration testing and application source code review. Secure Development Lifecycle consultancy and advisory. Vulnerability and penetration assessments on Internet exposed and internal systems. Applying and developing appropriate exploits to gain access and expand access to remote systems. Documenting technical issues identified during security assessments. 
Interface with clients when working on engagements on-site. Mentoring more junior colleagues and supporting managers whenever necessary. Perform peer review and quality checks on work product from other colleagues. Instructor-led and self-guided training activities, including you working towards attaining company funded security certifications. About you The following qualifications are expected from potential applicants: At least 3 years of experience in performing application and/or infrastructure penetration testing independently. Development and/or source code review experience in one or more of these languages: C/C++, C#, VB.NET, ASP, PHP, Python or Java. Familiarity with threat modelling and security design review methodologies. A good understanding of Unix, Windows and network security. Degree from an accredited University or equivalent. CREST Certified Tester (CCT) or equivalent. Excellent written and communication skills in English. Ability to work both independently and in a team environment. Passion for technology and a drive for self-learning, paired with good customer facing skills. Currently resident within the European Union, or not requiring work permit sponsorship. The following items are not required but would be considered a differentiator: Additional security and penetration testing certifications. Degree in Computer Science, Information Systems, Engineering or related major. Experience working as part of an enterprise development team. Experience developing custom scripts or tools used for vulnerability scanning and identification. Fluency in an additional Western European language, other than English. Salary and Benefits This role offers a competitive salary and bonus, plus a comprehensive benefits package and 25 days holiday. Through our flexible benefits, you can choose additional benefits, including healthcare, childcare vouchers, and additional holiday. 
About Cyber Solutions Aon's Cyber Solutions offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents. About Aon Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement, and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance
Sep 21, 2022
Full time
Excellent opportunity for a Penetration Tester to join a highly regarded global cyber security consultancy that has been a thought leader in the information security sector since 2009. Role Info: Penetration Tester / Cyber Security Consultant UK Home based with travel to client sites as required up to £95,000 + Benefits Product / Service: Headquartered in London, UK, we provide a range of cyber securit......
Aug 30, 2022
Full time
We are nuclear professionals in everything we do The Sellafield site is one of the biggest construction sites in Europe and we are a world leader in the nuclear industry. We're responsible for some of the largest engineering projects in the UK. The Sellafield site is one of the biggest construction sites in the UK. Our challenges are almost always industry firsts. Hazard reduction is incredibly demanding technically, calling for vision, imagination and expertise. The complexity of each project is unmatched anywhere else in the nuclear sector. Our relentless pursuit of excellence is reflected in our health, safety, security, resilience and environmental performance standards. To support this we have a vacancy for a Digital Forensics & Incident Response Supervisor based within our Security & Resilience department. On a day-to-day basis the role involves: • Manage and develop a shift team of CSOC Analysts in relation to protective monitoring, incident response, and threat hunting to ensure the delivery of a mature and highly skilled CSOC. • Lead, co-ordinate and provide technical assurance & escalation for daily investigations performed within the CSOC to ensure high standards of working across the team and provide the in-depth technical knowledge required to deliver protective monitoring and incident response across the Corporate and OT information systems. • Develop and enact Digital Forensics capabilities within CSOC relating to escalated investigations, threat hunting and incident response to deliver cyber threat detection and forensically sound evidence, in accordance with government and ONR guidelines. • Lead in the development and tuning of Cyber Operations tooling and its application to the business, aligning with the cyber exploitation / Cyber Kill Chain / Mitre ATT&CK matrix, increase capabilities and efficiency of incident response, mitigating threats to ensure new threats and vulnerabilities are managed and mitigated. 
• Develop and perform the activities defined in the Cyber Security Incident Response Plan / Forensics Readiness plan, ensuring Operational elements are achieved in accordance with site emergency arrangements. • To oversee technical implementation and commissioning of Cyber Security tooling solutions to agreed requirements. • To provide advice and guidance to internal and external stakeholders in relation to Digital forensics, Incident Response and Cyber Security in general to ensure threats are identified, with measures understood to reduce impact and consequence. • To assess, suggest or take remedial action to Cyber Security Incidents within defined policies and standards. • To review, document and apply good practice against all Cyber Security incidents for damage arising from compromise of company sensitive and Government protectively marked information across Sellafield. • To review Cyber security tools, processes and procedures and assist in testing the robustness of current and developing systems. To deputise for the CSOC Manager when required. To thrive in the role you will need: • Degree qualified or 2 years minimum experience in Cyber Security or Information Assurance. • Knowledge of Digital Forensics. • Capable of obtaining GIAC certification in IT Security/Digital Forensics field. • Knowledge of Business Continuity. • Strong understanding of network protocols. • Line management / leadership experience. • Ability to achieve DV clearance + NPPV You may also have: • GCIA (Certified Intrusion Analyst). • GCFE (Certified Forensic Examiner). • GCFA (Certified Forensic Analyst). • GNFA (Network Forensic Analyst). • GPEN (Penetration Tester). • CMI First Line Management qualification. • APM / Prince2 Project Management. • IOSH Managing Safely. • Control Systems experience. • Malware analysis experience. • Vulnerability analysis experience. 
Pay & Benefits Salary: £38,801 Closing Date: 29/11/21 Location: Sellafield, West Cumbria In promoting equal opportunities, Sellafield Ltd welcomes applications from all sections of the community. We select people according to their abilities and our needs. You are advised to regularly check your emails (including any junk mail/spam folders) for correspondence related to this post, including assessment or interview invitations and any other type of correspondence relating to your application. In the event of a high number of responses to any advert, Sellafield Ltd reserves the right to close the advert early. As users of the Disability Confident Scheme, we guarantee to interview all disabled applicants who meet the minimum essential skills for the vacancy. You will be able to declare a disability when completing our application form
Dec 01, 2021
Full time
Penetration Tester We are currently recruiting a Penetration Tester for a market leading Digital Consultancy firm, they thrive and push for innovation and transformation to build a positive future within a constantly evolving industry. As part of the Digital Trust and Cyber Security team yo...
Nov 30, 2021
Full time