Job Overview:
The Senior Penetration Tester plays a critical role in delivering secure future energy and market systems. This position requires outstanding communication skills, extensive experience with contemporary adversary tradecraft, defensible architecture principles, and control and maturity frameworks.
Key Responsibilities:
* Assist and coordinate with the design, development, delivery, and sustainment of a robust and comprehensive cyber assessment and testing capability.
* Select appropriate testing approach using in-depth technical analysis of risks and typical vulnerabilities.
* Produce test scripts, materials, and test packs and test new and existing networks, systems, or applications to identify vulnerabilities and non-conformance with standards and patterns.
* Work with project teams, security/solution architect, application owners to develop penetration test scope that includes relevant threat scenarios.
* Plan and drive penetration testing within a defined area of business activity. Record and analyze actions and results and modify tests if necessary.
* Identify needs and implement new approaches for penetration testing. Contribute to security testing standards.
Requirements:
* Good experience in a technical cyber security testing and assurance function preferably with critical infrastructure in the Energy Sector.
* Detailed understanding of contemporary adversary tradecraft, effective controls, and models for adversary emulation (including Mitre ATT&CK).
* Demonstrated experience in successfully working with external vendors to perform the penetration testing.
* Problem Solving: Within clear organisational policies and business/professional principles jobholder applies analytical thinking to diverse problems. Diagnoses and develops solutions and may carry these through to implementation.
* Demonstrated experience in the application of security control and maturity frameworks such as ISM, NIST-CSF, AESCSF, CIS 18 / NIST 800-53, NIST 800-82.
* Demonstrated technical knowledge of a broad range of IT and security technologies, including:
• Identity and Access Management
* • Contemporary endpoint detection and response, vulnerability detection and management.
* • Next generation web proxies, email gateways, and firewalls.
* • TCP/IP, Network Switches, and Routers Network Firewalls and WAFs, Active Directory, Microsoft Servers, Linux Servers, VMware Servers, Web Servers, Database Servers, Messaging Systems, IAM systems, PKI, Encryption.
* • SIEM, Security Log Analysis, Microsoft Sentinel, Incident Response Tooling, Forensic Tooling, Virtual security analysis environments.
* • Microsoft Azure and Microsoft defender security capabilities, tooling, and practices.
Benefits:
* Flexible working: work from home, part time, job share, hybrid options, and additional leave options.
* Professional development via projects, industry networks, job rotation, study assistance, and more.
* Give back with up to 4 days of volunteering leave per year.
* Embrace a healthier you with our wellness program, discounted health insurance, gym perks, and our comprehensive Employee Assistance Program (EAP).