About the Company

These guys are not your typical security consultancy. They're a group of talented developers, security engineers and DevOps experts who take a deep exploit analysis approach to ensure that their clients' websites, applications, public and private networks, and APIs are as secure as possible. They don't believe in quantity over quality, which is why they provide outstanding communication to their clients and take the time to produce exceptional work. Their company culture is empowering, collaborative, and caring, and they have a very high staff retention rate. They're big on employee well-being and personal growth, which is why they offer unlimited access to paid certifications/courses and flexible work arrangements.

About the role
The Senior Consultant on the offensive Security team is focused on assessing and challenging the security posture across a comprehensive portfolio of clients (lots of software product companies) The individual will utilize a variety of tools developed and act as a key team member in client engagements. They will be the client’s advocate for cybersecurity best practices and will provide strong recommendations in this domain.

Responsibilities 

•  Proven penetration testing abilities, ability to carry out manual penetration tests and use automated penetration testing tools.
• Experience reviewing web applications, thick client, source code, operating system and network security architectures. Expert level skills with testing tools including: Burpsuite, Kali Linux, nmap, sqlmap etc.
• Offensive/Red-team experience - knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
• Proven ability to program and script in a variety of programming/scripting languages.
• Knowledge of either *-nix, Windows or Mac OS internals.
• Ability to communicate practical impact of vulnerabilities, build proof of concept code to exploit, define effective remediations, and liaise with developers to find a suitable solution.

What you need?

• Experience delivering security testing of web based services, cloud services and underlying infrastructure, looking for sophisticated attack vectors and recommending mitigations
• Reporting and explaining the results of penetration tests aimed at technical employees, managers, and executives.
• Min of 4 years of offensive security experience in either product or service based company (ideally white box, source code supported testing)
• Recognized certifications (e.g., CRT, OSCP, OSWE, OSCE) in the field of penetration testing
• Good analytical skills to understand the implications of security threats
• Good verbal and written communication skills to ensure business and technical risks as clearly communicated
• Experience using penetration testing tools such as BurpSuite, Nmap and Metasploit
• Experience developing and/or reviewing source code
• Experience reviewing cloud infrastructure configurations and infrastructure as code
• Experience working within a software development team and environments with frequent change

What's in it for you?

• On going personalised training programs and R&D time.
• Tailor made career development plans with unlimited opportunities to grow within the business.
• Market aligned salary with share options for the right person!
• Supportive, caring and empowering leadership
• On going social events, yearly team events!
• Opportunities to attend events and conferences
• Flexible work, care about your life outside of work. Hybrid model.