Penetration Tester

• About the Role
  As a Penetration Tester on our InfoSec team, you'll play a crucial part in strengthening our organization’s Information Security by focusing on web application penetration testing. You will contribute to enhancing our ability to identify, assess, and mitigate vulnerabilities within web applications, improving our overall security posture. Your responsibilities will include running targeted penetration tests, simulating adversarial tactics, and collaborating with both development teams and defensive security counterparts to address vulnerabilities.

  We’re looking for someone with hands-on experience in web application security, a solid understanding of penetration testing techniques, and a passion for staying ahead of emerging threats. If you’re eager to drive real improvements to our security practices and work within a dynamic team, this position will offer opportunities to sharpen your skills while making a significant impact on our security program.

  In this role, you will:

  • Perform web/API/mobile/code review/thick client application penetration testing and other testing where appropriate and as required (such as network, cloud, IoT);

  • Perform vulnerability/attack surface assessments and provide findings with remediation actions to leadership and device/software owners;

  • Provide well-written, concise, technical and non-technical reports in English;

  • Coordinate with development and engineering teams on remediating vulnerabilities;

  • Partner with our Security Operations Center (SOC) / Threat Hunt Team to operationalize new detection concepts

  • Coach and mentor team members where appropriate;

  • Perform any other appropriate job duties in line with the associated skill and experience of the post holder.

   

  The skills you’ll bring include:

  • Ideally 2-4 years of experience as a Web Application Penetration Tester with industry recognised security certifications (OSWE, CCT APP);

  • Proven industry experience with offensive security tools (such as Burp Suite, Postman, SAST/DAST tooling);

  • Strong understanding of OWASP and MITRE ATT&CK framework;

  • Demonstrable knowledge of how modern applications are designed and deployed across different platforms and how to abuse workflow logic;

  • Ability to program or script in your preferred language;

  • Experience leading web application penetration testing projects and acting as a lead technical point of contact;

  • Capable of working independently with minimal supervision

    We know that the best ideas and solutions come from multi-dimensional teams. That’s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy - apply today.