Lead Penetration Tester

Join to apply for the Lead Penetration Tester role at SITA

2 days ago Be among the first 25 applicants

Join to apply for the Lead Penetration Tester role at SITA

Overview

WELCOME TO SITA

We're the team that keeps airports moving, airlines flying smoothly, and borders open. Our tech and communication innovations are the secret behind the success of the world's air travel industry.

You'll find us at 95% of international hubs. We partner closely with over 2,500 transportation and government clients, each with their own unique needs and challenges. Our goal is to find fresh solutions and cutting-edge tech to make their operations run like clockwork. Want to be a part of something big?

Are you ready to love your job? The adventure begins right here, with you, at SITA.

PURPOSE

As a Lead Penetration Tester, part of the SITA Enterprise Information Security Office, you will assess SITA infrastructure and products to identify information security weaknesses and provide remediation strategies. You will also contribute to the automation of security testing as part of the product development lifecycle.

Key Responsibilities

• Conduct authorized assessment of infrastructure and applications to proactively identify security weaknesses.
• Verify weaknesses by leveraging attacker techniques to evaluate the difficulty and effectiveness of potential attack from various threat actors.
• Provide comprehensive and actionable recommendations to counter the threat posed by identified security weaknesses, given the applicable threat landscape.
• Bring an offensive mindset to the design of internal solutions and provide input to the selection of countermeasures and security controls through technical risk assessment.
• Report findings to technical audiences (e.g.: product development teams, IT, operations), and to business management and leadership, indicating the impact to the business of verified weaknesses found.
• Research and develop testing tools, techniques and processes.
• Assist incident response and security threat surveillance functions to advise on current attacker tools, techniques and procedures.
• Contribute to the continuous improvement of security processes, tools and techniques to counter threats faced by SITA and our customers.
• Contribute to the automation of security activities as part of the DevOps lifecycle.
• Provide guidance on secure product design: Threat Modelling, architecture reviews.
  
  
  

Qualifications

EXPERIENCE

5-7 years' experience in at least three of the following fields:

• Network penetration testing
• Web and mobile application assessments
• Cloud penetration testing (Azure, AWS,…)
• Mastery of Unix/Linux/Windows operating systems, including bash and PowerShell, shell scripting or automation of simple tasks using Python, Ruby or Perl
• Developing security test automation as part of a DevOps CI/CD pipeline
  
  
  

Knowledge & Skills

• Excellent ability to think laterally and solve problems in unique ways
• Ability to relate work to the business, understanding the impact to business processes, not just technical impact
• Strong knowledge of attacker tools, techniques and procedures
• Strong understanding of network technologies such as TCP/IP, routing, switching, NAT, Wireless/WiFi, etc.
• Strong ability to research and maintain currency with the latest approaches to penetration testing, including learning new tools and technologies
• Good understanding of security compliance frameworks (e.g. ISO/IEC 27001, PCI DSS, etc.)
• Good understanding of common business applications (e.g. content management systems, application servers, databases, etc.) and how to leverage them in an assessment
• Good understanding of web technologies and how they are commonly subverted (e.g. OWASP Top 10)
• At least a basic understanding of development frameworks (.NET, Java,…)
• Ability to remain calm and methodical under pressure
  
  
  

PROFESSION COMPETENCIES

• Adversarial Thinking
• Cloud Security Assessment
• Exploitation Techniques
• Vulnerability Analysis
• Security pen-testing tool mastery
• Threat Modeling
• Network & Active Directory Security Testing
• Application Security Testing
• Privilege Escalation
• Post-Exploitation Techniques
• Red Team Operations
• Security Standards & Compliance
• Incident Simulation & Reporting
• Scripting & Automation
• Risk-Based Assessment
• Security Advisory
• Research & Innovation
• Technical Writing & Documentation
  
  
  

CORE COMPETENCIES

• Collaboration & Teamwork
• Ethics & Professional Integrity
• Analytical & Critical Thinking
• Communication
• Creativity & Innovation
• Resilience & Adaptability
• Results-Oriented Execution
• Stakeholder Influence
  
  
  

Education & Qualifications

• Masters degree in a technical discipline such as Information Security, Computer Science, Engineering, Telecommunications, Mathematics, Physics, or enough work experience to demonstrate proficiency at this level
• Penetration Testing certification (e.g. OSCP, GPEN) is considered a strong advantage
• Professional security certification (e.g. CISSP, CISA) is a plus
  
  
  

What We Offer

We're all about diversity. We operate in 200 countries and speak 60 different languages and cultures. We're really proud of our inclusive environment. Our offices are comfortable and fun places to work, and we make sure you get to work from home too. Find out what it's like to join our team and take a step closer to your best life ever.

Flex Week: Work from home up to 2 days/week (depending on your team's needs)

Flex Day: Make your workday suit your life and plans.

Flex-Location: Take up to 30 days a year to work from any location in the world.

Employee Wellbeing: We have got you covered with our Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year. We also offer Champion Health - a personalized platform that supports a range of wellbeing needs.

Professional Development: Level up your skills with our training platforms, including LinkedIn Learning!

Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.

SITA is an Equal Opportunity Employer. We value a diverse workforce. In support of our Employment Equity Program, we encourage women, aboriginal people, members of visible minorities, and/or persons with disabilities to apply and self-identify in the application process.

• Seniority level
  Mid-Senior level

• Employment type
  Full-time

• Job function
  Information Technology
• Industries
  IT Services and IT Consulting

Referrals increase your chances of interviewing at SITA by 2x

Get notified about new Penetration Tester jobs in Reading, England, United Kingdom.

Reading, England, United Kingdom 1 day ago

Oxfordshire, England, United Kingdom 3 days ago

Reading, England, United Kingdom 2 weeks ago

Little London, England, United Kingdom 1 month ago

Reading, England, United Kingdom 1 week ago

Oxford, England, United Kingdom 3 days ago

Oxfordshire, England, United Kingdom 3 days ago

Oxford, England, United Kingdom 1 week ago

Frimley, England, United Kingdom 2 months ago

Oxford, England, United Kingdom 1 day ago

Reading, England, United Kingdom 1 week ago

Aldershot, England, United Kingdom 4 months ago

Reading, England, United Kingdom 2 days ago

Hayes, England, United Kingdom 1 week ago

Reading, England, United Kingdom 1 month ago

Reading, England, United Kingdom 2 hours ago

Wokingham, England, United Kingdom 3 weeks ago

Reading, England, United Kingdom 3 days ago

High Wycombe, England, United Kingdom 1 month ago

Reading, England, United Kingdom 1 week ago

Maidenhead, England, United Kingdom 3 days ago

Colnbrook, England, United Kingdom 3 days ago

Oxford, England, United Kingdom 1 month ago

Oxford, England, United Kingdom 1 day ago

Farnborough, England, United Kingdom 5 days ago

Farnborough, England, United Kingdom £60,000.00-£80,000.00 3 days ago

Reading, England, United Kingdom 1 month ago

Farnborough, England, United Kingdom 1 week ago

Windsor, England, United Kingdom 1 year ago

Guildford, England, United Kingdom 3 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.