Penetration Tester

About the Role:

We are seeking an experienced Penetration Tester to join our dynamic security team. In this role, you will be responsible for performing regular penetration testing across our production systems, identifying vulnerabilities and weaknesses, and ensuring the highest level of security in our applications, systems, and infrastructure. You will need to demonstrate a proactive approach in identifying new attack vectors, particularly after system changes, and conduct comprehensive assessments of our security controls end-to-end.

You will focus on finding vulnerabilities, bypassing security controls, and performing code analysis to understand how our security measures can be improved. Your expertise will contribute to maintaining the integrity, confidentiality, and availability of our systems in a fast-paced, evolving environment.

Key Responsibilities:

• Perform regular penetration testing on production systems to identify vulnerabilities and security weaknesses across all layers (network, infrastructure, applications, etc.).
• Evaluate security controls for each area/system within the application and identify potential bypasses or vulnerabilities.
• Analyze source code to identify security flaws and vulnerabilities, particularly after any significant changes or updates.
• Conduct end-to-end security assessments of applications, ensuring all parts of the system are evaluated for security vulnerabilities.
• Use manual and automated testing techniques to assess applications and services across multiple environments.
• Collaborate with development and operations teams to understand system changes and identify potential security impacts.
• Assist in developing and maintaining security testing protocols and methodologies.
• Work closely with incident response teams to understand the exploitation of discovered vulnerabilities.
• Provide actionable recommendations to mitigate and fix identified vulnerabilities.
• Stay up-to-date with the latest security trends, threats, and vulnerabilities, and apply this knowledge to penetration testing efforts.
• Maintain a reporting system to document testing findings, provide clear and actionable remediation advice, and track progress.

Key Skills & Qualifications:

• Proven experience in penetration testing, vulnerability assessments, and security auditing, preferably in the Financial Services sector (though other industries will also be considered).
• In-depth knowledge of penetration testing methodologies, tools, and techniques (e.g., Burp Suite, Metasploit, Kali Linux, etc.).
• Expertise in application security, including the ability to identify vulnerabilities in web, mobile, and API applications.
• Strong understanding of code analysis and familiarity with common security vulnerabilities (e.g., OWASP Top 10).
• Ability to identify security weaknesses post-system or application updates, ensuring ongoing security after changes are deployed.
• Proficiency in multiple scripting or programming languages (e.g., Python, Bash, Ruby, Java, JavaScript).
• Experience in testing production environments and ensuring minimal disruption during testing.
• Strong analytical and problem-solving skills, with the ability to think creatively and outside the box.
• Excellent communication skills, with the ability to explain technical concepts and risks to both technical and non-technical stakeholders.
• Experience with security frameworks, risk management, and security best practices.
• Industry certifications such as CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or similar are highly desirable.

Preferred Qualifications:

• Background or interest in Financial Services (FS) industry is a plus.
• Familiarity with compliance standards (e.g., PCI DSS, GDPR, NIST, etc.).
• Experience in DevSecOps environments and continuous security integration.

There is a opportunity for this be remote but onsite or hybrid is preferred.

Financial services experience is a bonus. 

if the above matches your skillset, please apply, if you are successful we will be in touch.