A global media organisation is looking to hire a Penetration Tester on a contract basis to join its London-based office. The purpose of this role is to establish and maintain a global technical security capability, ensuring that all data, information and IP assets are appropriately protected and that confidentiality, integrity and availability are maintained in accordance with all applicable legal/regulatory, company policy and client contractual requirements. This role will focus on the incorporation of security engineering requirements into Agile software development backlogs (misuse/abuse cases, acceptance criteria etc). The ideal candidate will have strong penetration testing experience, with Agile, DevOps and Continuous Integration/Continuous Deployment experience being a must.
Key responsibilities:
Develop, validate and assure threat models
Validate authentication and authorisation flows, e.g. SAMLv2, OIDC, RBAC/ABAC
Targeted abuse of modern languages and frameworks
Multi-vendor cloud control validation (AWS, GCP and Azure)
Develop automated assurance frameworks and libraries to assure workloads at build and runtime (DevOps and multi-cloud workloads)
Scale usage of automated vulnerability assessment tools by feature teams
Mentor junior engineers to build their skills and contribution levels
Validate security engineering patterns and designs to 'shift-left' security assurance
Mentor feature teams to improve code quality and reduce delivered technical debt
Required skills:
7+ years' penetration testing experience
Agile, DevOps and CI/CD experience essential
Threat modelling, security research or software engineering experience highly regarded
Working knowledge of cloud security service design approaches and concepts is preferable (Azure, AWS or GCP)