Description
Application Security and Penetration Testing Role - required to lead penetration tests for a financial services organisation
Must have an excellent understanding of the Secure Software Development Lifecycle having defined and carried out security activities throughout each of the development phases, including activities such as specifying security/logging requirements, security code review (manual and automated) and application penetration testing for multiple clients.
The candidate must possess the ability to assess complex designs, understand the security risks and propose suitable mitigation for security weaknesses, whether during the design or implementation phases using a variety of standard techniques. Ability to undertake Assumed Compromise/Internet based attacks, vulnerability identification and remediation efforts.
Must be a self-starter and able to engage with stakeholders across the business, liaising with stakeholders to organise and resolve penetration test defects - prioritising vulnerabilities based on outstanding risk severity Qualifications/Experience. Highly experienced in Application Security and Penetration Testing.
* Candidate ideally holds UK CESG CHECK Team Leader qualifications, enabling them to lead penetration tests for UK HMG, MOD and Telecoms/Financial/Commercial clients
* Candidate would also ideally be Crest Registered Tester, Penetration Testing qualification.
* BEST Red Team exercises in relation to telecoms regulation.
* Infrastructure/Assumed Compromise/Application (web mobile) Penetration Testing.
* OSINT/External perimeter monitoring.
* Threat Hunting.. Performed Mobile/Web and API testing for new jaja finance credit card application during development process.
* Identify weaknesses and vulnerabilities within a new application.
* Carry out Risk Assessment/Triage and remediation of vulnerabilities.
* Proposed solutions to Head of Technology/Stakeholders (Devops) to facilitate vulnerabilities resolution.
* Retested/Analysed resultant Risk posture.
* Managing and executing Penetration Testing engagement.
* Scope writing.
* Web Application Testing.
* Various Web Application penetration tests.
* Vulnerability Management.
* Mobile Application Testing (iOS/Android)
* Infrastructure Penetration Testing both remotely and onsite.
* API/Endpoint Security Testing.
* Web Application Penetration Testing.
* PCI-DSS Web Application Testing
* Familiarity with OWASP ASVS.
* Detailed knowledge of Firewalls and Intrusion Detection Systems.
* Independent, unbiased IA advice and training.
* Detailed knowledge of TCP/IP protocol suite.
Spring Technology acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. The Spring Group UK is an Equal Opportunities Employer.
By applying for this role your details will be submitted to Spring. Our Candidate Privacy Information Statement explaining how we will use your information is available on our website.