Senior Pentester

Eames is currently working with a reputable global insurer on the appointment of a Senior Pen tester / Red team leam.

Key Responsibilities:

• Develop the internal red and purple teaming capability ,ensuring a cadence of testing is developed to test security and business controls across a range of scenarios.
• Ensure red and purple team testing is developed end to end - from scoping, scenario building, through to testing, remediation tracking and reporting.
• Remain up to date with the latest threat information, maintaining an accurate and up to date knowledge
• Work across the CISO team to develop realistic testing scenarios, ensuring they test security and business controls and seek out any security gaps.
• Work with external vendors to ensure red and purple teaming operations are conducted in a cadence that tests controls on at least a quarterly basis.
• Produce concise and accurate technical reports and executive summaries of testing activities in collaboration with external vendors supporting testing activities.
• Ensure testing findings are reported to the CISO promptly for remediation discussion.
• Track red and purple team remediations across the business, ensuring a weekly reporting cadence is produced for the CISO.
• Develop a reporting cadence for pen testing that tracks remediation, reporting this to the CISO.
• Work with external vendors to ensure internal applications are tested on an annual basis.
• Ensure the internal pen testing capability support secure by design build.
• Give testing updates/presentations to the CISO team to ensure their understanding of any security gaps and remediation efforts ongoing.

Required Skills and Profile:

• 5+ years of Penetration and/or red teaming testing experience
• Have a strong interest in red and purple teaming techniques and development.
• Demonstrate an excellent knowledge of penetration testing skills at infrastructure and application layers with experience performing authorised tests on computer systems exposing weaknesses in security that potentially could be exploited.
• Experience with penetration testing of applications and infrastructure testing.
• Strong understanding of common security standards and regulatory compliance.
• Strong knowledge of network protocols and packet analysis / manipulation tools.
• Strong knowledge of preventative and detective controls (Active Directory, firewalls, IDS, IPS, anti-virus, etc).
• Ability to do manual penetration testing/validation and not rely on automated scanners.
• Industry relevant certifications are desired.
• Excellent written and verbal communication skills.
• Experience of reporting to executive level.
• Strong organisation skills and ability to work in a pressurised environment whilst working towards and achieving deadlines.