Penetration Tester

London - Onsite

Description

A Penetration Tester is required by my client, who is based in London.

Skills and Experience

Technical Skills

  • Several years of experience performing security assessments of web and/or service-based applications, preferably with hands-on blue team experience on Internet-facing financial applications.
  • Knowledge of OWASP Top Ten/SANS 25 issues and an understanding of best-practice software engineering approaches to prevent them.
  • Experience performing application security testing using manual/automated techniques, leveraging internal knowledge sources such as talking to development teams and reviewing source code to maximise coverage.
  • Experience conducting fuzz testing and an established security assessment methodology.
  • Experience working with C#, .NET, .NET Core and C++ applications.
  • Understanding of the latest vulnerability classes, awareness of the techniques observed in the wild to compromise systems, and the ability to simulate them in testing exercises across infrastructure/systems.
  • Ability to write tools to assist with application security testing coverage; experience with rapid instrumentation tools such as Frida, or with leveraging in-house development code, is desirable/useful.

Desirable Certifications

  • OSEE, OSCE, OSWE, GXPN, GWAPT, OSCP, GPEN or equivalent.

Responsibilities

  • Conduct security architecture design reviews with development teams as a subject matter expert to ensure that appropriate security controls are implemented and that a secure-by-design approach is maintained in the SDLC.
  • Conduct application security assessments and penetration tests (client applications, web applications, web services, APIs, etc.) to verify the security posture of systems.
  • Conduct assessments based on the context of applications using manual/automated testing and analysis techniques. We expect you to have experience conducting assessments with appropriate toolsets and to be versatile based on application context, i.e. leveraging Burp Suite for a web application or custom-built fuzzing tools to verify protocol implementations.
  • Document identified findings using an established severity rating framework, and provide recommendations for short-term mitigation and long-term remediation options to stakeholders.
  • Communicate issues to stakeholders across the business to manage the security posture of applications according to the Client's C.I.A. (confidentiality, integrity, availability) goals.
  • Lead application security related initiatives, such as continuous improvement of the Client's security posture by improving the SDLC and standardising secure implementations that can be leveraged across the application suite.
  • Review the current threat landscape by monitoring the latest developments in the security industry and vulnerability notifications from threat intelligence sources or CVE advisories, prioritised by impact on the Client's infrastructure/application suite.
  • Assist the Client's Operational Security team and provide support on key security initiatives (e.g. annual phishing awareness tests, SIEM improvements, general security domain activities).
  • Provide on-the-job training and mentoring to other members of the Client team.

Mercator IT Solutions provides services as an agency and an employment business.

Start date
ASAP
Duration
3 months+
(extension possible)
From
Mercator IT Solutions
Published at
18.05.2019
Project ID:
1773150
Contract type
Freelance