Lead Penetration Tester (PROJ-4740)

Canberra
12 June 2026
PV
Application ends: 23 June 2026
$175 - $195

Job Description

Remote is seeking a Lead Penetration Tester to join the team in ASD. The Lead Penetration Tester will plan, conduct and report on penetration testing activities across ICT applications and gateway infrastructure, using relevant techniques, frameworks and tools to identify and assess security vulnerabilities.

The role will involve developing test plans and procedures, documenting testing approaches, techniques and outcomes, and preparing clear reports that outline findings, risks and recommended technical remediation options. The Lead Penetration Tester will support improved security outcomes by providing practical advice on vulnerabilities and helping inform appropriate mitigation activities. (LH-06948)

Role Description

Key duties and responsibilities

  • Conduct penetration testing of ICT applications and gateway infrastructure. 
  • Utilise a number of penetration testing techniques, frameworks and tools. 
  • Develop specific plans and procedures for penetration tests. 
  • Record approaches, techniques and results for reporting. 
  • Create and maintain reporting on penetration tests and recommend technical solutions for identified vulnerabilities. 

Essential criteria

  • Digital forensics: Level 4 (SFIA)

Designs and executes complex digital forensic investigations on devices. Specifies requirements for resources and tools to perform investigations. Processes and analyses evidence in line with policy, standards and guidelines and supports the production of forensics findings and reports.

  • Penetration testing: Level 5 (SFIA)

Plans and drives penetration testing within a defined area of business activity. Delivers objective insights into the existence of vulnerabilities, the effectiveness of defences and mitigating controls. Takes responsibility for the integrity of testing activities and coordinates the execution of these activities. Provides authoritative advice and guidance on all aspects of penetration testing. Identifies needs and implements new approaches for penetration testing. Contributes to security testing standards.

  • Penetration Testing and conducting Simulated Attack Exercises: Level 5 (CIISEC)

Uses commercial and bespoke tools to conduct complex penetration testing without close supervision and/or leads teams undertaking complex penetration tests. Undertakes penetration exploits as part of a simulated attack exercise under direction. Appropriate and relevant certifications include CHECK Team Leader, CREST Certified Tester (Infrastructure or Web Applications) or equivalents.

  • Specialist advice: Level 4 (SFIA)

Provides detailed and specific advice regarding the application of their specialism to the organisation's planning and operations. Actively maintains knowledge in one or more identifiable specialisms. Recognises and identifies the boundaries of their own specialist knowledge. Where appropriate, collaborates with other specialists to ensure advice given is appropriate to the organisation's needs.