Security and Penetration Tester
|23 January 2013|
|?competitve + bonus + benefits|
Our Engineering team develop the next generation of Sophos products and technologies for which we’ve become known around the world. They are passionate and clued up on new technologies and products; always looking for ways to revolutionise how security technology interacts with the user; and have a penchant for solving complex and challenging technical problems in a creative manner.
This role will provide the opportunity to exercise all areas of software functionality to detect and report defects which impact security. Additionally you will contribute towards the design and implementation of automated security test systems.
To be successful in this role you will need to have an extraordinary technical background and a passion for security related products. You will have broad security knowledge to include network design, operating systems, firewalls, databases and security architectures; having knowledge and practical experience with vulnerability management and penetration tools. You will have the ability to develop deliverables including a penetration test plan, recommendations for security testing activities and report findings making recommendations on product improvement.
.Demonstrable skills in common types of penetration testing such as web/application and infrastructure testing, wireless network testing, firewall rule set review;
.Proven experience of performing application, network, web- application and wireless penetration testing including exploitation;
.Reverse engineering, binary analysis, antivirus avoidance, and exploit development;
.Strong understanding of open source, freeware, and commercial vulnerability assessment tools;
.Extensive experience with penetration testing and fuzzing frameworks;
.Experience operating within compliance and governance frameworks (PCI, HIPAA, GLBA, NIST, etc…);
.Ability to communicate with other development team members on advanced aspects of subject matter, to deepen the strength and skillsets of the team as a whole;
.Ability to work independently or as part of a team as the situation demands;
.Project delivery leadership including structuring, planning and controlling projects, project delivery and reporting;
.Bachelor’s degree or an associate degree in IT/IS/MIS or Computer Science or equivalent experience.
.Proven in depth experience with programming/scripting languages;
.Background performing incident response and digital forensics;
.Experience performing social engineering assessments;
.Technical certifications such as: OSCP, OSCE, GWAPT, GPEN, GCIH, CISSP, CISA, CISM, CEH;
.Ability to communicate at all levels within an organization;
.Presenting to and liaising with other development team members on findings, methodologies and processes;
Leave a reply