Senior Penetration Tester

This role reports to the Head of Information Security and requires a fast-learning and self-motivated individual to add capability and capacity to our small but highly effective team.

Information Security is evolving to dynamic business needs a rapidly changing threat environment and the firms own ambitious IT Strategy. This role will help play a key part in implementing and improving the underlying processes required to provide a structured systematic and audited approach to Information Security across the firm. The role will have clear areas of focus combined with periodic involvement in a broad spectrum of information security activities. This is a pivotal role within the Information Security Team.

The ideal candidate should possess comprehensive experience and knowledge in security testing and red teaming with the ability to effectively communicate these concepts within the firm.

The candidate should have a background in information security and be capable of conducting a wide range of security testing and red teaming activities as well as providing advice and guidance to the business. This role involves will also involve coordinating external security requirements identifying areas for continuous improvement in security services and ensuring the effective execution of security testing and red team exercises. The candidate will address the evolving security needs of the business and should have a strong background in delivering actionable results

The candidate must be able to quickly assimilate information to assess and document risks engage with individuals at various levels of seniority and balance the need to gather information. They should consistently demonstrate how Information Security aligns with the firms business objectives and our clients need for information assurance. An organised approach to managing and prioritising multiple concurrent assignments is essential.

A degree-level education is likely but not essential as CREST / CHECK / OSCP / OSWE / OSWA status and having various qualifications or full membership status with the IISP would be highly advantageous. This role may in the future expand to require security clearance.

This role may expose the candidate to our external clients so it is important that this candidate be able to maintain good working relations and strive to build bridges even in challenging circumstances

Experience in developing and using structured documentation process format logical content version control etc is also important.

When you join Clifford Chance you will have access to a broad range of benefits to support you across many aspects of your personal and professional life including financial wellbeing lifestyle and family friendly benefits. For more information on what we offer specifically in the UK please visit our What We Offerpage on our career site.

This role follows our balanced hybrid working approach and as long as business needs allow you will be supported to work in a hybrid way with the expectation of working from the office for a minimum of 50% of your time.

At Clifford Chance we understand that our true asset is our people. Inclusion is good for our team and their families our firm and society.

We are committed to treating all employees and applicants fairly and equally regardless of their gender gender identity and expression marital or civil partnership status race colour national or ethnic origin social or economic background disability religious belief sexual orientation or age. This applies to recruitment and selection terms and conditions of employment including pay promotion training transfer and every other aspect of employment.

We have a variety of flourishing employee networks. These networks are a place for colleagues to share experiences and advocate for change wherever they see an opportunity for improvement.

Our goal is to deliver an equality of opportunity an equality of aspiration and an equality of experience to everyone who works in our firm.

Find out more about our inclusive culture here

Test Cases,Performance Testing,Quality Assurance,Functional Testing,Agile,LoadRunner,User Acceptance Testing,Jira,Software Testing,Test Automation,HP ALM,Selenium

• Conduct thorough Red Team offensive penetration testing on our IT (on prem and cloud) infrastructure to identify vulnerabilities and provide recommendations for remediation.
• Perform security assessments on cloud-based applications ensuring they adhere to industry standards and best practices.
• Execute red team exercises to simulate real-world attack scenarios testing the firms detection and response capabilities both internal and external.
• Assess and test the security of internally deployed infrastructure IoT devices and sensors identifying potential vulnerabilities and ensuring they are secure.
• Assess and test our SmartBuilding digital landscape and data lake.
• Assess and test identified web-based APIs and applications for vulnerabilities and recommend where required actions to resolve the vulnerabilities.
• Provide guidance to internal teams on API security testing and secure practices as well as carrying out API security assessments.
• Work with wider stakeholders on developing testing models for Generative A.I security.
• Work with wider teams to assess the security testing landscape and make sure we reduce vulnerabilities to minimise security incidents where appropriate and practical.
• Collaborate with cross-functional teams to implement security measures and enhance the firms overall security posture.
• Prepare detailed reports and presentations on findings offering actionable insights to both technical and non-technical stakeholders.
• Stay informed about the latest security trends threats and technologies to proactively address potential risks.
• Assist in developing and maintaining security policies procedures and guidelines.
• Serve as the key point of contact for all matters related to security testing engagement.
• Collaborate with stakeholders to continually enhance efficiencies and maintain compliance with client and external audit requirements.
• Utilise data and stakeholder feedback to drive continuous improvements in security testing.
• Support the security team by focusing on key knowledge and behaviours empowering colleagues to become informed security contacts within their teams and helping peers resolve security issues.
• Research and analyse existing security policies standards and resources to identify areas where additional training or guidance is needed.
• Participate in the evaluation selection and implementation of security testing technologies.
• Stay informed about emerging threats and trends integrating this knowledge into the security testing processes
• Support the firms certification activities such as ISO27001 SOC2 and Cyber Essentials Plus by assisting with audits documentation and continuous improvement efforts.
• Engage with security industry groups and collaborate with external industry partners to stay aligned with best practices and industry standards.