Penetration Tester at TESTQ Technologies Limited, Horley, 3 Months, £Contract Rate

  • Contract Spy
  • Horley, England, United Kingdom
  • Oct 01, 2024
up to 6 Months Information Technology

Contract Description

Type: Contract

Location: Horley 2 days / Week Onsite

C2H Position (3 months contract + Conversion)

 

The Penetration Testing Lead role & responsibilities are detailed below:

  • Responsible for Customer Cybersecurity OT & IT Annual Penetration testing lifecycle.
  • Responsible for delivering a defined volume of pen tests across Application, Infrastructure, Websites, APIs, O365, Azure, AWS and OT environments.
  • Responsible for identifying & tiering Customer OT & IT assets, services & systems to build on the current Tiering system identified in the Discovery phase.
  • Prioritisation, detailed planning & scheduling of all Pen Test engagements. Ensuring weekly, monthly & annual testing exercises are scheduled based on Tiering.
  • Engage with Product Group owners & internal stakeholders as part of the discovery phase to ensure that there will be no duplication of effort around pre-existing/pre-planned pen test engagements (Application, Infrastructure, Websites, APIs, O365, Azure, AWS and OT environments).
  • Manage Annual Pen test Supplier engagements & the relationships within Customer.
  • Manage all onboarding and offboarding of 3rd party Supplier resources, ensuring they have all required accounts, privileges, physical security badges etc. to be able to start their engagement.
  • Responsible for managing Operational Gas Business Owner relationships.
  • Manage regulated operational sites business processes including sign off.
  • Build and own all required and relevant policies and procedures around pen testing within Customer, adhering to Best Practices & NCSC guidance.
  • Review 3rd party pen test reports, briefing internal stakeholders on findings.
  • Capture and document the findings, risks and exceptions and recommend remediation.
  • Collaborate with IT and cybersecurity teams to enhance security protocols and remediate findings.
  • Tracking progression of remediation tasks. Reporting on a weekly basis to internal stakeholders on progress and any blockers. Building secure Power BI dashboards to report on progress.
  • Update the Customer CMDB with the relevant vulnerabilities. Ensure this is highly secured.
  • Provide monthly reporting on remediation activities and track progress to the Cybersecurity & IT Management team.
  • Manage the patching regime to remediate the identified pen test vulnerabilities. Confirm with BAU Vulnerability Management team that there is no duplication of effort.

Required skills.

  • Strong understanding of both OT & IT asset profiles, technology & security best practice principles.
  • Excellent report writing and communication skills for documenting findings and advising on security improvements.
  • Must have previous experience working in a technical cyber security role.
  • Strong understanding of network protocols, cryptography, and security vulnerabilities.
  • Preference given to candidates with OSCP certification.
  • Preference given to candidates that have recent experience working as a Pen tester or worked in a Red Team type role.
  • SC clearance (Need to confirm requirement) & CREST Certification would be preferable.
  • Proficiency with penetration testing tools.
  • Understanding of OWASP.
  • Understanding of what APIs are, how they’re used and how they can be utilised by an attacker.
  • Strong stakeholder engagement and relationship management.