Security Penetration Tester

Social network you want to login/join with:

Risk Crew is a highly innovative and forward-thinking company based in Greater London. We are dedicated to helping organizations protect their systems from cyber threats by providing effective cyber security solutions. Our approach involves challenging assumptions, verifying information, and delivering pragmatic and results-driven solutions. With a proven track record and strong client relationships, we are trusted by our clients to meet their goals.

The role: As a Penetration Tester on Risk Crew, you'll be part of an elite team of security experts who are dedicated to identifying and mitigating security vulnerabilities in web applications, infrastructure, cloud, API, wireless, and mobile applications. You will act as a trusted advisor, conducting comprehensive security assessments of our clients' most critical assets. Apart from security testing you will support the team to ensure on-time, on-budget delivery of their assigned tasks, quality of their deliverables and overall customer satisfaction. This role will require mid-level expertise in multiple domains of security testing, and we expect you to be versatile yet methodical in your testing approach.

The location: The duties of this position will be performed mainly at the Risk Crew office, in London SE1 with occasional travelling to customer UK locations.

What we offer:

• Opportunities for professional growth and development.
• Collaborative, dynamic and positively charged work environment.
• Remote work options.
• Access to cutting-edge security tools and technologies.
• Recognition and rewards for outstanding performance.

Your responsibilities:

• Performing web application, infrastructure, cloud, API, wireless and mobile application penetration tests on a regular basis.
• Contributing to Red Team and social engineering testing.
• Report writing and client-facing presentation of test findings.
• Consulting clients on required remedial actions.
• Assisting with the development of junior members of the team.
• Helping with collateral marketing materials: topical research, white papers and articles.
• Staying up to date with the latest security trends, technologies, and threats.
• Contributing to the evolution of the in-house penetration testing methodology and processes.

Your mandatory technical skills:

• Ability to perform black box, grey box and white box tests with an attacker's mindset.
• Expertise in using Kali, Burp Suite, Nmap, Nessus, Qualys, Metasploit and other security tools.
• Strong knowledge of the OWASP Testing Methodology.
• Strong understanding of security protocols, such as SSL/TLS, SSH, and HTTP.
• Knowledge of cloud security platforms, such as AWS, Azure, and Google Cloud.
• Knowledge of networking protocols and the OSI Model.

Your mandatory soft skills and qualities:

• Team player with ability to communicate effectively, collaborate and share knowledge with colleagues.
• Goal-oriented with ability to work independently and as part of a team.
• Able to work on multiple projects simultaneously with ability to prioritise tasks, manage time, and staying organised.
• Strong analytical and problem-solving skills.
• Strong work ethic, attention to detail and documentation skills with ability to provide written deliverables to a high standard.
• Ability to translate technical details into language understandable by C-level executives.
• Passion for what you do.

Your complementary technical skills:

• Hands-on with programming languages, databases and IoT.
• Knowledge of containerisation technologies, such as Docker.
• Experience with Attack & Threat Modelling.
• Red Team testing and social engineering attack methodologies.
• Working knowledge of CobaltStrike.
• Experience with bug bounty programs and vulnerability disclosure policies.

Your education, training and experience:

• Bachelors in Cybersecurity/Computer Science is preferred.
• A minimum of 3-5 years of hands-on testing experience and, ideally, two or more of the following professional qualifications: CREST CRT, OSCP, OSCE, CCT or equivalent.