Security Testing Consultant

Hargreaves Lansdown plc
Bristol, Bristol
Job Type: Full-time

Overview

Hargreaves Lansdown is the UK's largest and most successful investment supermarket for private investors. For more than 35 years, we have helped investors save time, tax and money on their investments. Today we are trusted with more than £100 billion by over 1 million clients. Our mission is simple: we're here to empower people to invest and save with confidence.

We are seeking a well-organised, experienced penetration tester to bring further wisdom and experience to our growing internal security testing team. The responsibilities of the role include the execution of penetration tests on both internal and external facing systems, whilst also acting as a contact point for technical advice to the wider business, championing the enhancement of security defences.

Reporting to the Security Testing Manager, the role will also involve analysis of systems from a security standpoint; creation, review and signoff of scoping documentation; and the technical and professional mentoring of more junior testers.

Based from our harbour-side offices in Bristol, the role involves not only delivering pen tests, but also coordinating with multiple stakeholders including team analysts, management, system subject matter experts, project managers, and external pen testing suppliers.

This is an extremely technical role, which requires someone with a passion for technology and experience of information security practices, as well as hands-on penetration testing.

Key Duties and Responsibilities:

- Proactively perform penetration tests in line with the schedule and team methodologies, for both new projects and BAU.
- Produce reports in a timely manner, to agreed standards and time frames.
- Maintain knowledge of, and raise awareness of, current vulnerabilities, tools, and exploitation techniques.
- Champion and enhance the team strategy defined by the Security Testing Manager and analysts within the team.
- Take a lead in the planning of penetration tests, taking on responsibility for ensuring all prerequisites are in place, taking into account risks, selecting best approaches, and estimating time, effort and cost of activities.
- Suggest and implement process improvements, using new technologies and streamlining procedures.
- Provide advice to the wider business on best security practices.
- Create proofs of concept to demonstrate vulnerabilities to the wider business.
- Adhere to deadlines, prioritise work and provide progress reports.
- Maintain documentation in line with team and audit requirements.
- Cultivate strong working relationships with the team, InfoSec, IT department, and the wider business, ensuring interactions are constructive and efficient.

Requirements

Essential Skills and Experience:

- An information security-based qualification (for example CompTIA Security or equivalent)
- A recognised pen testing accreditation (for example Certified Ethical Hacker, Offensive Security Certified Professional (OSCP), QSTM, CHECK Team Member etc.)
- Minimum 3 years' experience as an active penetration tester
- Good understanding of information security practices
- Excellent understanding of penetration testing techniques and tooling, and a proven ability to apply them to testing
- Knowledge to perform manual tests when automation tools are not available
- Knowledge of a range of technologies from legacy to leading edge, both on servers and clients
- Knowledge of enterprise architecture and infrastructure
- Experience of pen testing both Windows and Linux/Unix
- Experience of pen testing web applications, APIs, server infrastructure, firewalls, databases and thick client applications

Desirable Skills and Experience:

- Degree educated within an IT-based field
- CREST accreditation, or multiple qualifications from the essentials field
- Knowledge of PCI and GDPR frameworks
- Experience of pen testing financial systems
- Experience of pen testing mobile apps