Pen Test Analyst

Pen Test Analyst
Full Time
Permanent
Hybrid (2-3 days per week in London office SE1 7ND)
£55 - 65K basic plus benefits

Are you an experienced OSCP, CEH or GPEN certified Pen Tester looking for a new challenge?

Do you have experience in penetration testing, security assessments and vulnerability assessment with a strong background in network security, application security, and security architecture?

Here at ARM we are recruiting for a full time permanent Pen Test Analyst for a global IT services and consultancy client of ours.

Our client:
They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

Overview:
The Penetration Test Analyst is responsible for conducting penetration testing and security assessments to identify vulnerabilities and weaknesses in the organization's IT infrastructure, applications, and systems. This role involves executing testing methodologies, analyzing results, and providing detailed reports and recommendations for mitigating security risks. The Penetration Test Analyst works closely with other security and IT teams to enhance the organization's security posture and ensure compliance with security standards.

Responsibilities:
Penetration Testing:

• Perform penetration tests on networks, applications, and systems to identify vulnerabilities and security weaknesses.
• Utilize a variety of testing tools and techniques to simulate real-world attacks.
• Document and analyze testing results to identify security issues and assess their impact.

Vulnerability Assessment:

• Conduct vulnerability assessments and security audits on IT assets.
• Assist in the development of testing methodologies and scripts to identify potential security threats.
• Provide detailed reports with findings, risk assessments, and remediation recommendations.

Security Research and Development:

• Stay current with the latest security threats, vulnerabilities, and attack vectors.
• Research and evaluate new penetration testing tools, techniques, and methodologies.
• Share knowledge and findings with the security team and contribute to continuous improvement efforts.

Collaboration and Communication:

• Work closely with IT and development teams to understand the technical environment and provide security guidance.
• Communicate complex technical issues and security risks to non-technical stakeholders in a clear and concise manner.
• Collaborate with other security teams to develop and implement comprehensive security strategies.

Compliance and Standards:

• Ensure that penetration testing activities comply with relevant laws, regulations, and industry standards (e.g., PCI-DSS, ISO 27001).
• Assist in the development and maintenance of security policies, procedures, and guidelines.
• Participate in audits and assessments to ensure compliance with security requirements.

Incident Response:

• Assist in the investigation and response to security incidents and breaches.
• Provide expertise in identifying attack vectors and mitigating threats during incident response activities.
• Develop and maintain incident response procedures and playbooks.

Qualifications:
Education:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Relevant certifications (e.g., OSCP, CEH, GPEN) are preferred.

Experience:

• Min 2yrs+ of experience in penetration testing or security assessments.
• Proven experience in conducting penetration tests and vulnerability assessments.
• Strong background in network security, application security, and security architecture.

Skills:

• In-depth knowledge of penetration testing tools and techniques (e.g., Metasploit, Burp Suite, Nmap).
• Strong analytical and problem-solving skills with the ability to identify and mitigate complex security issues.
• Excellent communication and interpersonal skills with the ability to engage and influence stakeholders at all levels.
• Proficiency in scripting and programming languages (e.g., Python, Bash, PowerShell).

Preferred Qualifications:

• Relevant certifications such as OSCP, CEH, GPEN, or similar.
• Experience with cloud security and testing in cloud environments (e.g., AWS, Azure, GCP).
• Familiarity with regulatory compliance requirements and industry standards.

Personal Attributes:

• Detail-oriented with strong organizational and multitasking abilities.
• Proactive and self-motivated with a commitment to continuous improvement.
• Ability to work effectively both independently and as part of a team.
• Strong ethical principles and integrity.

Working Conditions:

• This position may require occasional evening and weekend work to meet testing deadlines and respond to security incidents.
• Travel may be required for client engagements, training, or conferences.

Some of the benefits include:

• Healthcare and dental insurance
• Company pension is matched up to 5%
• 25 days annual leave entitlement plus bank holidays and the option to purchase 5 extra days
• Life assurance - 4 x annual salary
• Cycle to work scheme
• Client prioritises internal development opportunities and offer access to our Udemy training platform with over 5000 training courses

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.