Description
Our client is seeking an experienced Security Engineer and ethical hacker to undertake vulnerability and penetration-testing (ideally integrated into a continuous delivery environment).
The successful candidate will work closely with several multi-disciplinary product development teams to provide guidance and consultation on the outcomes from testing, and share processes, solutions and practices that support secure coding and architecture. A strong technical background is therefore essential, with practical experience of working on solutions (eg in software development or system/network/infrastructure architecture and administration).
Essential skills:
- Direct experience executing vulnerability and penetration testing, both manual processes and via automated tools, ideally into a continuous integration and delivery pipeline. With detailed technical knowledge of vulnerabilities, threats, attack methods, and infection vectors.
- Experience working with highly scalable, secure and available systems handling sensitive data, preferably in the Cloud.
- Experience working closely with development teams to ensure secure coding and architecture is a fundamental part of product development. With detailed knowledge of OWASP and other best practices.
- Knowledge of cryptographic algorithms, including encryption, authentication and hashing and experience of applying them in different situations.
Desirable skills:
- Experience investigating suspected attacks and managing security incidents.
- Understanding of Government security standards and Information Assurance processes.