Senior Security Penetration Tester

Join us as a Senior Security Penetration Tester

• Take on a new challenge and use your specialist knowledge to support the wider bank in building and operating secure services that protect both colleagues and customers
• You’ll act as a subject matter expert in a security related field, making sure that the security implications of the backlog are understood in the right way, building security early into design
• You’ll be joining an exciting and fast‑paced area of the bank, where you can expect great exposure both for you and your work

As a Senior Security Penetration Tester, you’ll work at a domain level to understand and ensure robust security is continuously considered and incorporated at every stage, programme increment and feature team delivery.

You will be responsible for conducting penetration testing, looking for vulnerabilities with real business impact. NatWest Group have a wide range of systems and services ensuring a variety of test scenarios.

You’ll also:

• Conduct security testing such as Web Application and API testing independently and as part of a team for larger projects
• Scope and refine requirements to deliver value for money and meaningful testing
• Engage with customers to offer a high level of service to bank’s internal project teams to assist getting projects into production securely
• Maintain a high level of skills and keep up to date with vulnerabilities in modern web application systems, Network, Mobile, Thick Client, and Cloud testing
• Support with the identification of risks, while contributing to risk management strategies to achieve business objectives and customer outcomes
• Use specialist knowledge to support the wider organisation in building and operating secure services that protect both colleagues and customers
• Make complex or technical issues actionable by colleagues through effective communication
• Building and leveraging relationships with colleagues across the group and where appropriate, with third parties, to make sure decisions made are commercially focused and create long term value for the organisation

You’ll need penetration testing experience and knowledge of technology security controls within the security technology specialism along with an understanding of Agile methodologies.

You’ll also require experience of managing penetration testing assignments, including scoping, delivering tests and producing high quality reports in line with good industry practice, as well as familiarity with testing tools like Burp Suite and common app store extensions, plus Metasploit, nmap, and Nessus.

You’ll also demonstrate:

• Experience with one of the certification, such as, OSCP/OSWA, CRT/CSTM, CWES/CPTS, BurpSuite Certified Practitioner CREST, Cyberscheme, Tigerscheme or Offensive security
• An understanding of the OWASP Top Ten vulnerabilities, how to identify and exploit them
• Excellent verbal and written communication skills and able to adapt for technical and non-technical audiences
• Strong communication skills, ability to write technical reports, detailed presentation and documentation
• Experience of providing accurate reports with well-evidenced issues demonstrating the full impact of any identified vulnerabilities
• Strong analytical and problem solving skills