£40K/yr to £45K/yr
Newcastle upon Tyne, England
Permanent, Variable

Penetration Tester

Posted by Reed.

  • Fully Remote - North East HQ - Permanent - No Sponsorship Options*

The company:

A private TechForGood business in the North East is going through a process of global expansion and is looking for a Penetration Tester to drive excellence across security practices. Over the past 4 years, they have grown from a team of 20 to 250 and have quadrupled their profits. They work across a range of practices within a specific sector, and the use of technology makes a genuine difference in people's lives.

The role:

This is an internally focussed role, centred on testing a range of core applications for the business. The business grows through mergers and acquisitions, so you will be responsible for ensuring that new applications, software and products can be integrated safely and with minimal risk. Alongside this, you will need knowledge of governance, risk and compliance practices to ensure that the applications are secure. You will have the opportunity to grow this role significantly, as the business is looking to triple in the next few years. You will have a training and development budget, and they will be looking for you to put your own stamp on how pen testing is done for the business. You will also collaborate with an external pen testing team and define what this service looks like for the business.

Day to day of the role:

  • Conduct application security assessments and manage external penetration tests, including any necessary remediations.
  • Develop, implement, and maintain application security policies, standards, and procedures.
  • Act as an InfoSec representative, promoting secure design principles in application development projects.
  • Lead the integration of security tools, standards, and processes into the software development lifecycle (SDLC).
  • Provide expert guidance and leadership to development teams on remediating identified security vulnerabilities.
  • Document and manage product vulnerability and risk management programs.
  • Perform periodic security reviews and threat modelling.
  • Implement a secure coding framework, incorporating best practices, and provide secure coding education to software developers.
  • Stay updated on the latest security trends, vulnerabilities, and countermeasures; adjust security practices accordingly.
  • Collaborate with other teams to ensure a unified and comprehensive security strategy.

Key skills required:

  • Good understanding of the OWASP Top 10
  • Ability to present findings to a wide range of individuals
  • Cloud security understanding
  • ISO 27001 understanding
  • Risk Management experience
  • Incident Management

Benefits include:

  • 28 Days annual leave + public holidays
  • Holiday buy scheme
  • Enhanced company pension
  • Company bonus scheme
  • Share options
  • Sick pay scheme
  • Income protection
  • Private health insurance cash plan
  • Life assurance
  • Flexible benefits including discounted gym, cycle to work, technology scheme, shopping discounts etc.

Permanent/ 37.5 hours/ 1 day per week in office/ Monday – Friday/ CISO

Next Steps? If you would like to know anything more about this role or even just want to hear what other Infrastructure, Cloud and Security positions I have that may also be a good match for you then please apply to this advert / or catch me on LinkedIn "Hayley Bee

You must be fully eligible to work in the UK to apply to this position and be able to travel into office on occasion
