Senior Penetration Tester

Control Risks is looking to hire a Senior Penetration Tester to help support a Fortune 50 tech client with ours by providing guidance and technical expertise to their security program. The successful candidate will help the team develop the tests needed as well as guide the junior testers as the team works to ensure the company's internal programs are safe and secure.

• Conducting high quality application penetration tests independently, or as part of a team.
• Creating detailed engagement test plans and thoroughly documenting findings, gaps, and remediation recommendations.
• Contributing to team tooling, innovation, and improvements.
• Communicating and collaborating with partner teams, service owners, Information Security, and senior leadership to influence and prioritize the resolution of discovered security findings.
• Help lead the team in developing tests and controls for penetration tests

Requirements

• Three years of specialized experience in penetration testing or experience responding to advanced threat incidents for large enterprises as a member of an incident response team.
• Bachelor’s degree in computer science or related field, or equivalent industry experience.
• Experience in penetration testing or related offensive security role.
• Experience with security engineering practices, including web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines.
• Experience with dynamic and manual code auditing to identify security issues.
• Experience with interpreted or compiled languages, preferably Linux.
• Experience with threat modeling, design review, or other threat analysis techniques.
• Experience with network / full stack penetration testing in cloud environments.
• Knowledge of cloud service providers and their offerings.
• Experience in developing security tooling and automation.

• Four years of specialized experience in penetration testing or experience responding to advanced threat incidents for large enterprises as a member of an incident response team.
• Advanced degree in Computer Science or related field.
• OSWE/OSCP/CCSP/CISSP certification.
• Excellent judgement in assessing and prioritizing technical risk.

Benefits

• Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer.
• We operate a discretionary bonus scheme that incentivizes, and rewards individuals based on company and individual performance
• Control Risks supports hybrid working arrangements, wherever possible, that emphasize the value of in-person time together - in the office and with our clients - while continuing to support flexible and remote working.