Senior Penetration Tester
- Location Swindon Head Office, South West England
- Salary £50,840 - £73,436
- Contract type Permanent
- Closing date 24/04/2019
- Ref R002800960
- A Senior Penetrator Tester in our head offices in Swindon.
- Salary £50,840 - £73,486 (dependent on skills and experience), based on a permanent, 35hour per week, contract.
- Send in your application by 24th April 2019.
Nationwide strives to ensure the organisation remains robust and resilient and continues to provide outstanding service to our members. An exciting opportunity has arisen to be part of our Penetration Testing Team that helps to ensure our customers’ data is protected and controlled through the day-to-day lifecycle management of scoping, testing and reporting. This will involve liaising with Nationwide’s security and other internal teams to agree requirements, scope tests and execute a wide variety of application and infrastructure-based tests and work with a variety of stakeholders to triage the reported findings.
Who we're looking for
We’re looking for an enthusiastic, motivated and experienced Penetration Tester with a proven track record of working in a security testing function, particularly in the field of Penetration Testing. You’ll be used to working in a fast-paced, dynamic environment where you are part of a multi-disciplinary team and responsible for maintaining high standards of operational output.
As a minimum requirement, you’ll have:
- Significant experience of undertaking Penetration Tests, for highly resilient solutions
- Detailed knowledge of Penetration Testing Tools, Techniques and Methodologies
- Extensive, demonstrable knowledge of security vulnerabilities and risk reduction methodologies
- Experience of undertaking both automated and manual application Penetration Testing assessments within Agile environments
- Experience in providing technical leadership and line management in a multi-supplier and multi-team environment
- Experience of security testing cloud services and API-based technologies
- Experience of leading Red Team engagements
- Formal industry recognised qualification e.g. CHECK, CREST, OSCP, QSTM
- Be a resilient and highly motivated self-starter who relishes a challenge and is able to work independently or as part of a close-knit team
- An excellent understanding of common security standards and regulatory compliance requirements
- Practical knowledge of application security standards and compliance (e.g, OWASP, PCI-DSS).
- The ability to build strong relationships with DevOps and SecOps teams to develop and support a culture of ‘built-for-security’ and ensure testing requirements are progressed and findings are triaged and acted on accordingly
- Competence in one or more scripting language. E.g. Perl, Python, Shell Scripting etc.
- Competence in one or more high level programming languages like Java, C, C++, Ruby etc.
- Knowledge of exploit development, vulnerability research/reporting or writing system modules in C & C++.
- Experience of an equivalent role at a large financial services provider within the last 3 years
- Experience in writing penetration/Red Team test reports in a timely manner using language which is accessible by technical SMEs as well as less technical stakeholders
What you'll be doing
As a Senior Penetration Tester in the Penetration Testing Team you will join a small group of experienced, personable and dedicated security professionals who provide a technical security testing service to all areas and levels of the business. Your core responsibilities will be to apply processes and tools to test for the presence of security vulnerabilities in Nationwide and supplier systems to meet Strategic, Operational and Tactical objectives.
You’ll be effective at communicating with senior stakeholders and you will be adept at articulating technical vulnerabilities and making recommendations using layman’s language. In conjunction with our internal risk management framework you will evaluate identified vulnerabilities and using your influencing skills you will ensure appropriate action is agreed and acted on in a timely and effective manner, with the focus on our members’ interests.
The successful candidate will be able to demonstrate an excellent understanding of, and experience in, a diverse range of technologies including: web-based and networking with a clear focus on security.
In addition, you will have a detailed understanding of Penetration Testing methodologies together with a keen interest in the future of cyber security issues faced by financial organisations. The individual we are looking for will have a strong delivery focus, be self-motivated with a positive can-do attitude and will be eager to seek out new challenges. You will also have good line management and leadership acumen, and be able to mentor and support more junior members of the Team, leaning on your extensive and varied experience.
The extras you'll get
If you put a lot in, it’s only fair you should get a lot out. So, if you help us do the right thing for our members, we’ll help further your career with us.
As part of our team you’ll get:
- Access to training to help you progress and develop your technical skills and career
- Pension scheme where if you pay in 7% we’ll top it up to 23%
- Life assurance worth 8x your salary
- 24 days’ holiday plus bank holidays
- The ability to 'buy’ up to 10 days more holiday
- Flexible benefits scheme giving you access to discount vouchers at various retail outlets
- Access to an annual performance related bonus scheme