Blackthorn Trace have partnered with a Security Risk Consultancy firm based in Central London to invite another talented Penetration Tester to join their growing team. Our client is looking for a confident Penetration Tester that can communicate effectively with their Clients.
The Penetration Testing position is intended to perform and support the core components of our Clients product and services offerings.
The location of this role is in Central London HQ as well as being based on Client sites. The new Penetration Tester will be expected to work under minimal supervision, alone and within a team and under deadlines.
• Identify, exploit and document security flaws and vulnerabilities with attack simulations on multiple projects working against specific client focused scopes of work.
• Ability to test a variety of client form factors and technologies based on scopes of work.
• Ability to solve complex technical problems and articulate to non-IT personnel.
• Ability to effectively provide technical risk assessment of technologies in networks applications, wireless, social engineering, code reviews and war dialling.
• Ability to perform vulnerability assessments and penetration testing, utilizing tools commercial and open source tools.
• Perform, review and analyse security vulnerability data to identify applicability and false positives.
• Research and develop testing tools, techniques, and process improvements.
• Create risk based security code reviews (static & dynamic.)
• Conduct penetration testing in line with Open Web Application Security project.
• Mentor junior engineers to build their skills and contribution levels.
• Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
• Support company through the testing and evaluation of new technologies and security controls.
• May require the performance of other essential functions depending upon work location or assignment.
• Knowledge of security best practice guidelines, (ISO 17799, NIST, OWASP etc.)
• Relevant professional experience including working knowledge of the following.
• TCP/IP, HTML, XML, CGI, Python, Perl, Java, Java Script, C++, C#. .Net, networking including IP classes, subnets, multicast, NAT.
• WINS, DNS, and DHCP, Network troubleshooting.
• Microsoft OS, Active Directory and Server technologies.
• Encryption cracking tools
• Password cracking tools
• Remote access methods.
• Backup and disaster recovery methodologies.
• Patch management technologies and processes.
• Wireless protocols and services.
• Variety of testing tools such as: Paros, WebScarab, Burpsuite, Nessus, Appscan,
• Familiarity with UNIX a plus.
• Design and testing experience related to security.
• Experience with security issues in large scale networks.
• Hands on experience with firewalls, routers, bridges, switches and gateway devices, appliances and software.
• Ability to grasp new technology concepts, quickly and assist others in understanding them as well.
• Senior-level documentation and project management skills.
• Ability to work in a team environment and interact with people.
• Strong verbal, communication and technical writing abilities.
• Project management skills.
• Possess strong leadership, coaching and mentoring skills.
• Occasional travel, possibly air travel.
• Ability to meet pressured deadlines and time constraints.