Offensive Security Consultant

Offensive security testing (‘testing’) is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. This testing is executed using a combination of automated tools and manual testing.

This role exists to provide offensive security testing services to a wide range of products and services, identifying security weaknesses and exposures that pose a risk to the enterprise.

What you’ll be doing:

• Work with project stakeholders to identify assets and define test scopes – evaluating the breadth and depth on which testing should take place based on varying factors;
• Execute penetration tests, either in a team or individually, to identify vulnerabilities and weaknesses that could impact key systems; Including testing of web applications, mobile applications, web APIs, Infrastructure, Cloud technologies, and hardware.
• Triage vulnerabilities and justify risk in alignment with common vulnerability scoring systems, considering the environment and context;
• Report testing results to key project stakeholders in varying formats (i.e. traditional report, bug tickets), including verbal communication;
• Be involved with internal projects and initiatives to uplift team capabilities;
• Provide QA reviews for testing scopes and reports from your peers to ensure high quality and accuracy of testing;
• Where required, work as an embedded penetration tester on large programs;
• Assist with other offensive security activities within the team (e.g. red team activity);
• Self-manage security testing projects from end-to-end;
• Participate in ‘run the business’ activities, such as maintenance and uplift of the penetration testing environment.

What you’ll bring:

• Experience testing various technologies and platforms, including but not limited to; Web applications, web APIs, mobile applications (iOS, Android), network and server technologies, cloud services (AWS, Azure), and hardware;
• A comprehensive understanding of Penetration Testing frameworks and methodologies (OWASP, OSSTMM, WAHH);
• Methodical, analytical approach with outstanding attention to detail. The ability to construct and execute testing within a controlled environment that complies with methodologies, policies, and best practice;
• A clear understanding of both manual and automated penetration testing techniques, including knowledge of common penetration testing tools and the impacts they have on systems;
• A good understanding of risk mitigation strategies when working in a highly sensitive environment;
• Experience writing and conveying complex security findings through reports;
• At least 3 years as a penetration tester;
• Experience working with large corporations.

Salt is acting as an Employment Agency in relation to this vacancy.