Penetration Tester

Location: Hybrid - Home/ London/ Warwick/Camberley
Type of Job: Permanent
Ref No: V1199
SFIA Level 3 - Practioner

Cyro Cyber is looking for an Enthusiastic, Proactive, Penetration Tester with a good broad IT knowledge who is keen to learn and develop their skills. 

You'll need to be keen and enthusiastic about advancing your Pen Testing career. You'll need to be able to converse with clients and colleagues in an informative, professional and concise manner, as well as the below:

  • Minimum of 6 months proven experience of pen testing.

  • Good organisation skills, with strong attention to detail and excellent written and verbal communication skills

  • CRT / OSCP / Cyber Scheme accreditation is advantageous but not essential. If you have 6 months plus of proven pen testing experience, you will be considered.

  • Good team ethic and the desire to accelerate your Pen Testing career

  • Proactive in expanding your skills and developing personally

  • Eligibility for UK Security clearance

Role Profile

Your role will be varied to ensure that you will not be pigeonholed as a certain type of Pen Tester. The company want to recruit people in the early stages of their Pen Test career. Some key points about the role:

  • You will perform pen tests and vulnerability assessments, providing the report and recommendations to the clients in a professional and concise manner

  • Potential opportunities to get involved in social engineering and blue teaming.

  • Varied testing work, meaning you will gain exposure to different testing and clients, ensuring you won't be pigeonholed to a certain type of testing

  • Opportunity to learn from and work alongside different Senior Pen Testers

  • Remote working, with occasional travel to client sites

Job Responsibilities:

  • Understand complex computer systems and technical cyber security terms.

  • Work with clients to determine their requirements from the test, for example, the number and type of systems they would like testing.

  • Plan and create penetration methods, scripts, and tests.

  • Carry out remote testing of a client's network or onsite testing of their infrastructure to expose weaknesses in security.

  • Simulate security breaches to test a system's relative security.

  • Create reports and recommendations from your findings, including the security issues uncovered and level of risk.

  • Advise on methods to fix or lower security risks to systems.

  • Present your findings, risks and conclusions to management and other relevant parties, consider the impact your 'attack' will have on the business and its users.

  • Understand how the flaws that you identify could affect a business, or business function, if they're not fixed.

  • Demonstrates extensive expertise in information security, penetration testing, and engineering practices.

  • Present written findings to teams, providing details of the vulnerabilities discovered recommended remediation steps.

  • Analyze, disassemble, and reverse engineer code to discern weaknesses for exploitation.

  • Document technical issues identified during security assessments and incidents and write reports.

  • Follow up on implementation of corrective actions from assessments and incidents.

  • Research security threats and attack vectors.

  • Independently plan and execute penetration tests that maximize the learning opportunity and value of those tests without putting the business at risk.

Candidate should have deep knowledge on

  • Networks and infrastructures.

  • Windows, Linux, and Mac operating systems.

  • Embedded computer systems.

  • Web/mobile applications.

  • SCADA (supervisory control and data acquisition) control systems.

  • Internet of Things (IoTs).

Candidate should have experience on following tasks:

  • Conducting tests on networks and applications.

  • Conducting security audits.

  • Analyzing security policies.

  • Writing security assessment reports.

Excellent Employee Benefits:

Cyro is committed to ensuring that we offer industry leading career opportunities, salary and benefits packages. Join us and you can expect to receive:

·      25 days holiday, including public holidays, plus the option to buy or sell five days each year

·      Company pension scheme

·      A range of family friendly policies

·      An employee-funded car leasing scheme

·      Occupational health support

·      Cyro Rewards Scheme

So why choose Cyro for your next opportunity?

·       To build, run and maintain a successful compliance programme, you need a connected approach – a team you can trust from strategy to support, and everything in between. At Cyro, this is what we do!

·       As part of our team, you could be working with some of the biggest names in the Critical Nation Infrastructure and Service Provider sectors including London Underground, Network Rail, Transport for London, RNLI, MOD and Virgin Media. You’ll help us ensure the most important messages get through – however tough the conditions.

·       Here are just some of the ways we’re different:

o   You’ll go further with us. We understand the importance of career development and will give you all the support you need to realise your potential. You’ll receive formal training, e-learning and mentoring from top professionals. And we offer opportunities to transfer to other sectors – or even different technology areas.

o   You’ll make a difference. You could be working outdoors, battling the elements, or in one of our many offices helping us develop the network infrastructures of tomorrow.

o   You’ll be treated as an individual. We’re not a vast corporation, which means every individual counts. With us, you’ll be valued and supported, involved and empowered from day one.

o   You’ll be well rewarded. We offer salary progression that reflects market rates and personal performance, a flexible working environment and excellent training.

We reserve the right to close this vacancy once we have received sufficient applications.

Cyro is an equal opportunities employer and is committed to diversity and inclusion.

This job description sets out the duties and responsibilities of the job at the time when it was drawn up.  Such duties and responsibilities may vary from time to time without changing the general character of the duties or the level of responsibility entailed.  Such variations are a common occurrence and cannot in themselves justify a reconsideration of the grading of the job.