Type: Contract
Location: Horley 2 days / Week Onsite
C2H position (3-month contract + conversion)
The Penetration Testing Lead role and responsibilities are detailed below:
- Responsible for the Customer's annual OT and IT cybersecurity penetration testing lifecycle.
- Responsible for delivering a defined volume of pen tests across application, infrastructure, website, API, O365, Azure, AWS and OT environments.
- Responsible for identifying and tiering Customer OT and IT assets, services and systems, building on the current tiering system identified in the Discovery phase.
- Prioritisation, detailed planning and scheduling of all pen test engagements, ensuring weekly, monthly and annual testing exercises are scheduled based on tiering.
- Engage with Product Group owners and internal stakeholders as part of the discovery phase to ensure there is no duplication of effort with pre-existing or pre-planned pen test engagements (application, infrastructure, websites, APIs, O365, Azure, AWS and OT environments).
- Manage annual pen test supplier engagements and the relationships within Customer.
- Manage all onboarding and offboarding of third-party supplier resources, ensuring they have the required accounts, privileges, physical security badges etc. to start their engagement.
- Responsible for managing Operational Gas business owner relationships.
- Manage regulated operational sites' business processes, including sign-off.
- Build and own all required and relevant policies and procedures around pen testing within Customer, adhering to best practice and NCSC guidance.
- Review third-party pen test reports and brief internal stakeholders on findings.
- Capture and document findings, risks and exceptions, and recommend remediation.
- Collaborate with IT and cybersecurity teams to enhance security controls and remediate findings.
- Track progress of remediation tasks, reporting weekly to internal stakeholders on progress and any blockers. Build secure Power BI dashboards to report on progress.
- Update the Customer CMDB with the relevant vulnerabilities, ensuring this data is highly secured.
- Provide monthly reporting on remediation activities and track progress for the Cybersecurity and IT management team.
- Manage the patching regime to remediate identified pen test vulnerabilities, confirming with the BAU Vulnerability Management team that there is no duplication of effort.
Required skills:
- Strong understanding of both OT and IT asset profiles, technology and security best practice principles.
- Excellent report writing and communication skills for documenting findings and advising on security improvements.
- Must have previous experience working in a technical cyber security role.
- Strong understanding of network protocols, cryptography and security vulnerabilities.
- Preference given to candidates with OSCP certification.
- Preference given to candidates that have recent experience working as a Pen tester or worked in a Red Team type role.
- SC clearance (need to confirm requirement) and CREST certification would be preferable.
- Proficiency with penetration testing tools.
- Understanding of OWASP.
- Understanding of what APIs are, how they are used and how they can be exploited by an attacker.
- Strong stakeholder engagement and relationship management skills.