Job Description
Senior Penetration Tester and 'Red Team' Cyber Security Operator/Leader
Newly created role in the Cyber / IT Security function
£90,000 - £110,000
Birmingham / London office location but mainly remote working
Senior Penetration Tester, Cyber Security Leader, Cyber IT Security, Penetration Tester, Team Manager, Team Lead, Red Team, Blue Team, Purple Team, Cyber Threat Security, CISO, Active Directory, firewalls, IDS, IPS, anti-virus
REAL Cyber and IT Security role. Ideal candidate would be a Penetration Tester that also has Team Management or Operations Management or Red or Blue or Purple Team Management experience.
Senior Penetration Testing (Tester) and 'Red Team' Cyber Security Operator/Leader
Job Summary:
Take responsibility for the development of the internal red teaming and pen testing capability, supporting the global CISO in setting and communicating the strategy and direction in line with global business strategy:
Take ownership of running red and purple team operations
Take ownership of the internal pen testing capability
Keep up to date with threats, supporting the threat intelligence capability understanding of complex attack chains and new techniques being utilised by cyber criminals to ensure the Cyber Security framework is fit for purpose and evolves to counter such threats.
Embed an intelligence and threat led culture into the CISO function to ensure the information security and IT security capabilities and controls are tested against growing cybercriminal threats.
Key Responsibilities:
Develop the internal red and purple teaming capability, ensuring a cadence of testing is developed to test security and business controls across a range of scenarios.
Ensure red and purple team testing is developed end to end - from scoping, scenario building, through to testing, remediation tracking and reporting.
Remain up to date with the latest threat information, maintaining an accurate and up to date knowledge of information security issues, whilst also keeping abreast of new technologies, methodologies, techniques and vulnerabilities being exploited by cyber criminals, ensuring this is communicated throughout the CISO team.
Work across the CISO team to develop realistic testing scenarios, ensuring they test security and business controls and seek out any security gaps.
Work with external vendors to ensure red and purple teaming operations are conducted in a cadence that tests controls on at least a quarterly basis.
Produce concise and accurate technical reports and executive summaries of testing activities in collaboration with external vendors supporting testing activities.
Ensure testing findings are reported to the CISO promptly for remediation discussion.
Track red and purple team remediations across the business, ensuring a weekly reporting cadence is produced for the CISO.
Develop an internal pen testing capability
Develop a reporting cadence for pen testing that tracks remediation, reporting this to the CISO.
Work with external vendors to ensure internal applications are tested on an annual basis.
Ensure the internal pen testing capability support secure by design build.
Give testing updates/presentations to the CISO team to ensure their understanding of any security gaps and remediation efforts ongoing.
Create KRIs
Support the CISO team on incident response forensics.
Required Skills:
5+ years of Penetration and/or red teaming testing experience
Have a strong interest in red and purple teaming techniques and development.
Demonstrate an excellent knowledge of penetration testing skills at infrastructure and application layers with experience performing authorised tests on computer systems exposing weaknesses in security that potentially could be exploited.
Experience with penetration testing of applications and infrastructure testing.
Strong understanding of common security standards and regulatory compliance.
Strong knowledge of network protocols and packet analysis / manipulation tools.
Strong knowledge of preventative and detective controls (Active Directory, firewalls, IDS, IPS, anti-virus, etc).
Ability to do manual penetration testing/validation and not rely on automated scanners.
Industry relevant certifications are desired.
MSc Information Security
CISSP, CISM or similar
Knowledge and Experience
EXPERIENCE IN information and cyber security leadership positions.
A strong background in security management, with proven knowledge across key areas such as cyber strategy, cyber risk and governance, controls and policy.
Whilst the role does not require a deep technical specialist, you must have a good foundation of technical knowledge, e.g. network and system security, vulnerability management, identity management, secure development, cloud etc
Good knowledge of Microsoft environments and technologies preferred.
Good knowledge of data protection regulations
Senior Penetration Tester and Red Team Cyber Security Leader
Newly created role in the Cyber / IT Security function
£90,000 - £110,000
Birmingham or London office location but mainly remote working
Senior Penetration Tester, Cyber Security Leader, Cyber IT Security, Penetration Tester, Team Manager, Team Lead, Red Team, Blue Team, Purple Team, Cyber Threat Security, CISO, Active Directory, firewalls, IDS, IPS, anti-virus