Penetration Tester

Penetration Tester

My client is a Leading Global Digital Media Advertising Agency based in Central London.

This is a great time to join my client as they have recently won some brand new business and

are looking to become a 100% digital economy business.

They have newly put together an Innovation, Engineering and Architecture function.

There are a number of key initiatives that will drive technology strategy, rationalisation and impact; The Global Data Platform forms the strategic solution for my client's data needs; my client has thousands of clients, all of whom have a dependency on the availability and subsequent analysis of their marketing and advertising operational data which delivers demonstrable value. Through Business Intelligence reporting, Analytics and Data Science, my customers clients are informed of the performance of their campaigns including resulting revenue implications, enabling the client teams to continuously improve the operational effectiveness and efficiency delivered to clients. The Global Data Platform will be delivered to a highly scalable, robust, cloud agnostic and modular specification, enabling the platform to grow in a manageable and cost effective way with Data Governance and Security forming vital ingredients. Job Description:

We are well placed to build capability, scale and sustainable growth as a high performance business. Our strategy is driven by our unique culture with one vision (to innovate the way brands are built), one set of values and a unique operating model which drives collaboration, client focus and attention.

The Global Technology operating model is based around a set of principles and a clear alignment to the Business strategy. Those core themes are formed around scalability, compliant and agile solutions and propagating a significant move to cloud.

The purpose of this role is to establish and maintain a global technical security capability, ensuring that all data, information and IP assets are appropriately protected, ensuring that confidentiality, integrity and availability is maintained in accordance with all applicable legal/regulatory, company policy and applicable client contractual requirements.

This role will focus on the incorporation of security engineering requirements into Agile software development backlogs (misuse/abuse cases, acceptance criteria etc)

Responsibilities

• Develop, validate and assure threat models
• Validate authentication and authorisation flows e.g. SAMLv2, OIDC, RBC/ABAC
• Targeted abuse of modern languages and frameworks
• Multi-vendor cloud control validation (AWS, GCP and Azure)
• Develop automated assurance frameworks and libraries to assure workloads at build and runtime (DevOps and multi-cloud workloads)
• Scale usage of automated vulnerability assessment tools by feature teams
• Mentor junior engineers to build their skills and contribution levels
• Validate security engineering patterns and designs to 'shift-left' security assurance
• Mentor feature teams to improve code quality and delivered technical debt

Candidate Profile

• Multiple years penetration testing experience
• Agile, DeveOps and CI/DC experience essential
• Threat modelling, security research or software engineering experience highly regarded
• Working knowledge of cloud security service design approaches and concepts is preferable (Azure, AWS or GCP)
• Proactive, motivated, committed, self-starting
• GIAC, OSCP or CEH certifications highly regarded

We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender reassignment, marriage and civil partnerships, pregnancy or maternity or age.