Senior Penetration Tester – Circa 95k

Senior Penetration Tester / Red Team Security Specialist

Candidates need to have previous experience in this role most recently.

The Client

Based in London my client are a prestigious Professional services organisation boasting a workplace with cutting edge people that is moving with the modern ways working. Named as one of the leading professional services organisations places to work for 3 times in a row, the work environment attracts a seasoned professional who wants to be part of the best of breed.

The role

This role reports to the Head of Information Security and requires a fast-learning and self-motivated individual to add capability and capacity to our small but highly effective team.

Information Security is evolving to dynamic business needs, a rapidly changing threat environment, and the firm’s own ambitious IT Strategy. This role will help play a key part in implementing and improving the underlying processes required to provide a structured, systematic, and audited approach to Information Security across the firm. The role will have clear areas of focus combined with periodic involvement in a broad spectrum of information security activities. This is a pivotal role within the Information Security Team.

The key tasks and responsibilities include, but are not limited to, the following:
• Conduct thorough Red Team offensive penetration testing on our IT (on prem and cloud) infrastructure to identify vulnerabilities and provide recommendations for remediation.
• Perform security assessments on cloud-based applications, ensuring they adhere to industry standards and best practices.
• Execute red team exercises to simulate real-world attack scenarios, testing the firm’s detection and response capabilities both internal and external.
• Assess and test the security of internally deployed infrastructure IoT devices and sensors, identifying potential vulnerabilities and ensuring they are secure.
• Assess and test our SmartBuilding digital landscape and data lake.
• Assess and test identified web-based APIs and applications for vulnerabilities and recommend where required actions to resolve the vulnerabilities.
• Provide guidance to internal teams on API security testing and secure practices, as well as carrying out API security assessments.
• Work with wider stakeholders on developing testing models for Generative A.I security.
• Work with wider teams to assess the security testing landscape and make sure we reduce vulnerabilities to minimise security incidents where appropriate and practical.
• Collaborate with cross-functional teams to implement security measures and enhance the firm’s overall security posture.
• Prepare detailed reports and presentations on findings, offering actionable insights to both technical and non-technical stakeholders.
• Stay informed about the latest security trends, threats, and technologies to proactively address potential risks.
• Assist in developing and maintaining security policies, procedures, and guidelines.
• Serve as the key point of contact for all matters related to security testing engagement.
• Collaborate with stakeholders to continually enhance efficiencies and maintain compliance with client and external audit requirements.
• Utilise data and stakeholder feedback to drive continuous improvements in security testing.
• Support the security team by focusing on key knowledge and behaviours, empowering colleagues to become informed security contacts within their teams and helping peers resolve security issues.
• Research and analyse existing security policies, standards, and resources to identify areas where additional training or guidance is needed.
• Participate in the evaluation, selection, and implementation of security testing technologies.
• Stay informed about emerging threats and trends, integrating this knowledge into the security testing processes
• Support the firm’s certification activities, such as ISO27001, SOC2, and Cyber Essentials Plus, by assisting with audits, documentation, and continuous improvement efforts.
• Engage with security industry groups and collaborate with external industry partners to stay aligned with best practices and industry standards.

Qualifications

Your experience

The ideal candidate should possess comprehensive experience and knowledge in security testing and red teaming, with the ability to effectively communicate these concepts within the firm.

The candidate should have a background in information security and be capable of conducting a wide range of security testing and red teaming activities, as well as providing advice and guidance to the business. This role involves will also involve coordinating external security requirements, identifying areas for continuous improvement in security services, and ensuring the effective execution of security testing and red team exercises. The candidate will address the evolving security needs of the business and should have a strong background in delivering actionable results

The candidate must be able to quickly assimilate information to assess and document risks, engage with individuals at various levels of seniority, and balance the need to gather information. They should consistently demonstrate how Information Security aligns with the firm’s business objectives and our clients’ need for information assurance. An organised approach to managing and prioritising multiple concurrent assignments is essential.

A degree-level education is likely but not essential, as CREST/CHECK/OSCP/OSWE/OSWA status, and having various qualifications or full membership status with the IISP would be highly advantageous. This role may in the future expand to require security clearance.

This role may expose the candidate to our external clients, so it is important that this candidate be able to maintain good working relations and strive to build bridges even in challenging circumstances

Experience in developing and using structured documentation – process, format, logical content, version control etc is also important.