About The Role

The Continuous Security Testing service is a consultant-led vulnerability identification and verification service which makes use of automated vulnerability scanning along with significant manual testing against a broad scope in a continuing engagement. The purpose of the service is to continually monitor a customer's external attack surface for new vulnerabilities and changes in the scope of the attack surface, and to proactively inform customers of discovered issues along with recommended remediation, with the overall aim of reducing the lifetime of each vulnerability. Manual testing includes identification of issues which automation alone could not identify and exploitation of all issues, often chaining multiple findings together in order to determine the true impact of vulnerabilities for the customer.

- Pre-engagement activities, including scoping of assessments and statements of work, and determining customer requirements and restrictions.
- Onboarding customers into the service, including configuration of continual scanning and liaising with the customer to resolve issues which may reduce the effectiveness of scanning.
- Monitoring of the customers' external perimeter for changes, and proactive discovery of new targets to include within the customer's scope.
- Manual identification and exploitation of vulnerabilities.
- Manual verification and exploitation of scanner findings.
- Detailed analysis of issues identified and exposure for the customer, including proof of concept, reproduction steps, and recommended remediation.
- Communication of findings to the customer in a detailed, accurate and manageable manner, both orally and through written vulnerability/scope notifications and periodic summaries.
- Assisting in the continual development of the team and service through research and development activities. This includes the development of in-house tools, the implementation of tools released to the community, and design and documentation of new and existing internal systems and processes.
- Continual professional development to maintain and develop knowledge and technical competencies.
- Maintain professional technical qualifications to demonstrate competency to our clients.
- Contributing to the writing and publishing of whitepapers and advisories.
- Undertaking projects and support tasks as appropriate to the role.

About You

Essential Technical:

- Core computing skills including but not limited to:
  - Networking fundamentals - understanding of OSI Model, TCP/IP, HTTP, DNS, SMB, SMTP and relevant tools.
  - Microsoft Windows and Office proficiency along with proficiency in one or more Linux distributions.
- Strong knowledge of web application technologies and security assessment including but not limited to:
  - REST APIs, SOAP APIs, XML and JSON formats.
  - Vulnerability identification and exploitation (not limited to OWASP Top 10).
  - Experience with common assessment tools such as MITM proxies (e.g. Burp Suite Pro) and SQLMap.
- Good knowledge of internal and external infrastructure technologies and security assessment including but not limited to:
  - Identification and exploitation of misconfigurations or known vulnerabilities in common enterprise infrastructure and services (Windows Domains, Linux servers, virtualisation, databases, switches/routers, etc).
- Knowledge of a scripting language such as Python (preferred), Ruby, PowerShell, or Bash, for the development of new, or editing existing, tools.

Essential Experience:

- Providing remediation advice
- Producing accurate technical reports
- Working under pressure of deadlines and structuring workload accordingly
- Problem-solving, helping others to understand complex ideas

Essential General:

- Client facing, able to confidently and professionally represent the company
- Must be self-motivated and able to work in an independent manner as well as part of a team
- Excellent written and oral communication skills
- Positive, collaborative and enthusiastic
- Appetite to shadow, train and develop to improve capabilities into all areas of security testing

In addition, the following are highly desirable:

- CPSA, CRT, OSCP or equivalent reputable information security certifications
- Familiarity with testing cloud environments
- Public speaking experience

About The Role

Essential Roles & Responsibilities

- Perform assessments against the Claranet developed Microsoft 365 Certification on behalf of Microsoft
- Provide timely communication with ISVs to ensure continued progression through assessments that have started
- Provide ongoing support to ISVs looking to start an assessment or already progressing through an assessment
- Liaise with Microsoft in support of delivery of the Microsoft Project
- Participate in ISV calls to: provide Q&A (question and answer) support for ISVs wanting to start the assessment, perform remote assessment activities, etc.
- Where appropriate, provide mentoring to associate colleagues delivering the Microsoft Project
- Maintain excellent communication with customers
- Maintain excellent communication and collaboration with internal teams to support Claranet in meeting its vision
- Keep up with industry trends, emerging threats, and technological advancements to effectively address new challenges and technologies
- Where necessary, perform QA (Quality Assurance) reviews of reports produced by the Cyber Security function's GRC team
- Where appropriate, fulfil or support other GRC team members in fulfilling other customer consultancy / projects, such as ISO 27001, cyber security reviews, risk assessments, etc.
- Where necessary, assist with the development and growth of the Cyber Security function's service offerings
- Fulfil any re-certification requirements and CPE (Continuing Professional Education) obligations required to complete duties.

Duties may be completed remotely, from our Leeds office or at customer sites as applicable. Therefore, travel to customer sites may be required, as will an element of out-of-hours working when required.

Teams to collaborate with

- Customer Experience and Managed Services - ensure we are consistently providing the best service to our customers, proactively monitoring their needs, and integrating their feedback into our future portfolio and propositions.
- Customer Success and Growth - ensure that the portfolio is up to date, meets customer needs, enables cross and up selling, and provide pre-sales support when required.
- Portfolio, Alliances & Technology Practices - support efforts to embed Cyber Practice function services into customer solutions.
- Finance & Corporate Development - submission of any work-related expenses.

About You

Behavioural competencies - organisational and behavioural fit

- Customer facing, able to represent Claranet confidently and professionally
- Willingness to travel to deliver onsite work as required
- Ability to identify and work with colleagues to deploy improvements to delivery processes
- Self-motivated and able to work in an independent manner as well as part of a dynamic team
- Excellent written and oral communication skills
- Excellent attention to detail
- Good numeracy and organisational skills
- Positive, collaborative, and enthusiastic

Critical competencies - technical fit

- Aptitude for understanding, interpreting, and applying objective standards to specific responses
- Working under pressure of deadlines and structuring workload accordingly
- Problem-solving, helping others to understand complex ideas
- Providing advice and guidance in customer-facing situations
- Ability to work to tight deadlines, prioritise and manage workload
- Good knowledge and understanding of security technologies
- Good knowledge and understanding of networking
- Ability to quickly learn and understand new skills and technologies specific to the Cyber Security industry
- Take own initiative to expand information security knowledge
- Ability to write concise, accurate and timely reports

Desirable competencies

- Any exposure to audit frameworks: PCI DSS, ISO 27001, NIST, SOC 2, etc.
- Exposure to Amazon's and/or Microsoft's cloud platforms.
- GDPR Experience
- SOC 2 Experience
- NIST Experience
- Full UK driving license (for UK recruitment)
- Experience managing client projects.
- Information security consulting experience.