£65K/yr to £75K/yr
London, England
Permanent, Variable

Pen Test Lead

Posted by Advanced Resource Managers Limited.

Pen Test Lead
Full Time
Permanent
Hybrid (2-3 days per week in London office SE1 7ND)
£60 - 70K basic plus benefits

Are you an experienced OSCP, CEH, OSCE or CISSP certified Pen Test Lead looking for a new challenge?

Do you have experience in penetration testing, security assessments and vulnerability assessment with a strong background in network security, application security, and security architecture?

Here at ARM we are recruiting for a full time permanent Pen Test Lead for a global IT services and consultancy client of ours.

Our client:
They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

Overview:
The Pen Test Lead is responsible for leading and conducting penetration testing and security assessments to identify vulnerabilities and weaknesses in the organization's IT infrastructure, applications, and systems. This role involves developing testing methodologies, managing testing projects, and providing detailed reports and recommendations for mitigating security risks. The Pen Test Lead collaborates with other security and IT teams to enhance the organization's security posture and ensure compliance with security standards.

Responsibilities:
Penetration Testing:

  • Plan, execute, and lead pen testing engagements on networks, applications, and systems.
  • Develop custom testing methodologies and scripts to identify vulnerabilities and security weaknesses.
  • Conduct advanced pen tests to simulate real-world attacks and assess the effectiveness of security controls.

Vulnerability Assessment:

  • Perform comprehensive vulnerability assessments and security audits.
  • Analyze and interpret testing results to identify security issues and assess their impact.
  • Provide detailed reports with findings, risk assessments, and remediation recommendations.

Security Research and Development:

  • Stay current with the latest security threats, vulnerabilities, and attack vectors.
  • Research and develop new penetration testing tools, techniques, and methodologies.
  • Share knowledge and findings with the security team and contribute to continuous improvement efforts.

Collaboration and Communication:

  • Work closely with IT and development teams to understand the technical environment and provide security guidance.
  • Communicate complex technical issues and security risks to non-technical stakeholders in a clear and concise manner.
  • Collaborate with other security teams to develop and implement comprehensive security strategies.

Compliance and Standards:

  • Ensure that pen testing activities comply with relevant laws, regulations, and industry standards (e.g., PCI-DSS, ISO 27001).
  • Assist in the development and maintenance of security policies, procedures, and guidelines.
  • Participate in audits and assessments to ensure compliance with security requirements.

Team Leadership and Mentorship:

  • Lead and mentor a team of penetration testers and security analysts.
  • Conduct performance reviews and develop training plans for team members.
  • Foster a collaborative and innovative environment within the pen testing team.

Incident Response:

  • Assist in the investigation and response to security incidents and breaches.
  • Provide expertise in identifying attack vectors and mitigating threats during incident response activities.
  • Develop and maintain incident response procedures and playbooks.

Qualifications:
Education:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Experience:

  • Minimum of 5+ years' experience in pen testing, with at least 2 years in a leadership or senior role.
  • Proven experience in conducting advanced pen tests and security assessments.
  • Strong background in network security, application security, and security architecture.

Skills:

  • In-depth knowledge of pen testing tools and techniques (e.g., Metasploit, Burp Suite, Nmap).
  • Strong analytical and problem-solving skills with the ability to identify and mitigate complex security issues.
  • Excellent communication and interpersonal skills with the ability to engage and influence stakeholders at all levels.
  • Proficiency in scripting and programming languages (e.g., Python, Bash, PowerShell).

Preferred Qualifications:

  • Relevant certifications such as OSCP, OSCE, CISSP, CEH, or similar.
  • Experience with cloud security and testing in cloud environments (e.g., AWS, Azure, GCP).
  • Familiarity with regulatory compliance requirements and industry standards.

Personal Attributes:

  • Strategic thinker with the ability to align security testing activities with business goals.
  • Detail-oriented with strong organizational and multitasking abilities.
  • Proactive and self-motivated with a commitment to continuous improvement.
  • Ability to work effectively both independently and as part of a team.
  • Strong ethical principles and integrity.

Working Conditions:

  • This position may require occasional evening and weekend work to meet testing deadlines and respond to security incidents.
  • Travel may be required for client engagements, training, or conferences.

Some of the benefits include:

  • Healthcare and dental insurance
  • Company pension is matched up to 5%
  • 25 days annual leave entitlement plus bank holidays and the option to purchase 5 extra days
  • Life assurance - 4 x annual salary
  • Cycle to work scheme
  • The client prioritises internal development opportunities and offers access to our Udemy training platform with over 5000 training courses

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
