Careers with commissum

commissum is a company one hundred percent focused on the provision of information security advice and services. Our team has been providing the full range of these services to a broad cross-section of businesses and government organisations for over twenty years.

commissum 'ko-mis-sum, n. that which is entrusted [Latin]

Vacancy - Penetration Test Consultant

To apply send an email outlining the reasons for your interest with attached current CV to: careers@commissum.com

The Role

An opportunity for an enthusiastic candidate with strong experience in penetration testing, security testing or ethical hacking. Depending on experience, the role will involve some or all of: infrastructure testing, application testing, VoIP testing, Wi-Fi testing, security research, report writing, dealing with customers via phone conference, face-to-face technical presentations and other forms of IT security consultancy.

Candidates should have experience as a dedicated Penetration Tester or in a role which involves a significant amount of penetration testing, whether with a penetration testing company, a security consultancy, a corporate penetration testing team or an IT Security team. There will be the opportunity to gain CREST qualifications and, in the future, the possibility of developing experience in other areas of information security consulting.

The candidate needs to demonstrate strong technical testing and diagnostic skills, together with excellent numeracy and analytical skills and a structured approach to problem solving. With high integrity and an eye for quality and excellence, they will have excellent communication and time management skills and display a passion for IT security.

Candidates must be prepared to commit themselves to full independent background checking if selected for this role.

Key qualities, skills & experience

Essential qualities

The successful candidate will be:

  • Fully committed to our core values of integrity, commitment and excellence
  • Self-motivated while being an approachable team player with strong team ethics
  • Able to work alone with minimal supervision
  • Accustomed to communicating clearly across a wide range of technical abilities
  • Used to working to strict deadlines and targets as defined by managers and clients
  • Prepared to travel if required and work in different locations on occasions for periods of time
  • An EU/UK national

Essential Skills & Experience

  • Experience as a Penetration/Security Tester/Ethical Hacker
  • Familiarity with working to OSSTMM and/or OWASP guidelines
  • A sound working knowledge of common commercial and/or open source vulnerability assessment tools and techniques used for evaluating operating systems, networking devices, databases and web applications
  • Strong knowledge of IP networking protocols
  • Experience of working in a Linux and Microsoft Environment
  • Shell scripting experience (e.g. PowerShell, Ruby, Bash, Perl)
  • Excellent report writing skills (using Microsoft Word)
  • Good spoken English and excellent written English

Desirable Skills & Experience

  • Relevant certifications such as CEH, OSCP, CHECK, CREST or TIGER
  • Knowledge or experience of ISO27001
  • Knowledge/experience of modern programming languages and web/application development in some or all of the following: C, C#, PHP, Java, .NET
  • Ability to explain the output of penetration testing to non-technical professionals
  • Experienced in security testing of web based applications and services, and databases
  • Experience of incident response and investigation
  • Experience of pre-sales technical consultancy, defining scope and estimating client work and contributing to and reviewing proposals to clients
  • Experience of internal reviews of network environments, including network devices and server configuration/lock-down
  • Experience of security assessments in a PCI DSS Audit environment
  • SC or DV clearance
  • Experience of leading penetration test assignments
  • Experience of training/mentoring less experienced staff
  • Experience of managing relationships with clients
  • Current UK/EU driving licence

On Offer:

  • An excellent remuneration package dependent on experience
  • Ability to work from home
  • Opportunity to participate in the growth of the company and directly influence its success 

"commissum recently provided us with services to assess a web application and supporting infrastructure. I was impressed with the consultants throughout the project, by their technical knowledge, flexibility, open communication and willingness to go that extra mile. Of particular benefit was the sound advice given both during and after the engagement. By identifying vulnerabilities promptly, accompanied with practical recommendations on how to address them, we were able to implement improvements quickly. Good value, a job well done."

JM, Infosec Analyst, International Investment Bank

Latest News

Leading USA military contractor QinetiQ hacked and ransacked by Chinese hackers for three years

A new report from Bloomberg, the business information provider (www.bloomberg.com/news/2013-05-01/china-cyberspies-outwit-u-s-stealing-military-secrets.html) outlines how hackers from China stealthily infiltrated the computer systems of QinetiQ North America, a leading espionage and military contractor to the US government, and the US branch of the British defence technology company QinetiQ. A vast range of highly ...
Wed 08 May, 2013 // Briony

Suspected hacker arrested after “biggest-ever DDoS attack”

Police in Spain have arrested a Dutch national on suspicion of launching the largest-ever “Distributed Denial of Service” (DDoS) attack. Sven Olaf Kamphuis, 35, was arrested on April 25th near Barcelona, Spain. At the time, he was in possession of a specially-equipped van set up as a mobile computing and ...
Tue 30 Apr, 2013 // Briony

Hackers break into large cloud provider, claim to have credit card details

Some days ago, hackers gained access to computers owned by Linode, a company providing cloud services in the form of virtual Linux servers. The hackers gained access by using a “zero-day vulnerability” (a previously unsuspected security weakness) in Adobe ColdFusion, the software used in running the Linode web server. It ...
Fri 26 Apr, 2013 // Briony