The security of information is critical to the ongoing success and reputation of the SCC business. The role of Penetration Tester will offer the successful candidate an exciting opportunity to work closely with the business in a range of testing activities to ensure that solutions and systems are used in a secure and appropriate manner.
The Pen Tester will report directly to the Security Assurance Architect to enhance the ability of SCC's internal GRC (Governance, Risk and Compliance) function to provide technical assurance to the SCC Group.
The duties of the position shall include ensuring new systems and solutions are penetration tested prior to going into production, conducting ongoing tests against solutions and systems, report writing, advising SME on findings and Red Teaming.
This is a fantastic opportunity for the right candidate to work in a challenging and fast-paced environment, working on a subject matter that is key to the ongoing success of the SCC Group of companies.
Below are key responsibilities:
·Perform a range of penetration tests:
- Both Internal & External,
- Web Applications & Services,
·Work with the business to schedule security testing activities.
·Complete written reports and present findings to IT and Business stakeholders.
·Present findings to Business and Technical Stakeholders.
·Schedule, scope and manage security testing performed by 3rd parties.
·Support IT and Business in remediation activities.
·Perform pre-ITHC (IT Health Check) assessments.
·Perform Re-tests and validation of remediation.
·Red & Purple Team Activities including:
- Threat Hunting.
- Validate SOC coverage and effectiveness.
·Support the business in implementing new controls.
·Provide project security assurance.
·Work with development teams to ensure a Secure Software Development Life Cycle.
·The role is based in Birmingham but may require travel to other SCC Group locations, which may include international travel.
Skills, Knowledge and Experience:
·Minimum 5 years’ experience in IT or Security roles.
·Good working knowledge and experience of Firewalls, Routing, Intrusion Detection Systems, Operating Systems, Databases and Common Application Architecture.
·Appropriate certifications in security testing (OSCP, CRT, GPEN, GXPN or PenTest+).
·Knowledge of the OWASP Top 10.
·Understanding of manual hacking techniques, not just knowledge of how to use tools.
·Will understand how to use the following:
- Burp Suite
- Other Testing tools
·Hold SC security clearance or be able to undergo the SC clearance process.
·B.S. degree in Computer Science, Software Engineering, MIS or equivalent preferred.
·Information Security Certification, such as CISSP, Security+ or CISA.
·IT Technology certification from Microsoft, Cisco, CompTIA.
·Experience in programming or scripting (PowerShell, Python, Perl, Java, etc.).