Senior Penetration Tester

October 30

Description

• The primary responsibility of the Senior Penetration Tester is to lead and execute comprehensive penetration testing activities across various digital platforms and environments.
• This role will encompass testing web applications, APIs, mobile applications, network infrastructure, and cloud platforms (AWS and Azure).
• Additionally, the role will involve contributing to the overall security strategy, particularly focusing on offensive and defensive security operations, threat intelligence and modelling.
• The successful candidate will play a critical role in improving Tandem Bank’s security posture, working collaboratively with Security Operations to identify, mitigate, and remediate vulnerabilities, and assist in refining security protocols and best practices.
• Conduct penetration tests on web applications, APIs, and mobile applications (Android & iOS).
• Perform infrastructure security assessments of network environments and cloud platforms (AWS & Azure).
• Review Firewall and Switch rules and ACLs
• Lead in Red Team exercises to assess defensive measures and identify security weaknesses.
• Execute social engineering campaigns, including complex phishing simulations and physical security tests.
• Collaborate with internal teams to define remediation strategies for identified vulnerabilities.
• Support forensic investigations and contribute to incident response activities.
• Stay updated on the latest security trends, vulnerabilities, and penetration testing methodologies.
• Contribute to the development of security processes, procedures, and best practices to strengthen the security posture of Tandem Bank.
• Prepare detailed reports for both technical teams and executive stakeholders, articulating vulnerabilities, and recommended remediation.

Requirements

• Extensive experience in penetration testing across:
    • Web Application & API Testing
    • Mobile Application Security Testing (Android & iOS)
    • Network Infrastructure Testing
    • Cloud Security Testing (AWS & Azure)
• Proven track record in leading Red Team engagements.
• Strong knowledge of social engineering tactics and experience in executing complex phishing and physical assessments.
• Experience with Digital Forensics and Threat Intelligence integration.
• Ability to collaborate effectively with cross-functional teams and stakeholders.
• Strong understanding of attack vectors, threat landscapes, and security best practices.
• Desirable Certifications:
    • OSCP (Offensive Security Certified Professional)
    • OSCE (Offensive Security Certified Expert)
    • CREST CRT (Certified Registered Tester)

Benefits

• 25 days annual leave plus 8 days Bank Holiday
• An additional day off for a ‘celebration day’ including, but not limited to, birthdays, weddings, religious holidays, graduations etc
• Buy or sell up to 5 days holiday a year
• Healthcare cash plan through Westfield Health worth a minimum of £750 per year
• Electric Vehicle salary sacrifice scheme
• Cycle to Work salary sacrifice scheme and a free helmet
• Salary sacrifice Pension contribution*, 4% employee contributions matched with 4% Tandem contribution (*Subject to salary eligibility)
• Smart Tech scheme (buy goods with 0% interest)
• 10% discount on solar panels
• Tandem Hub for treats, cash back and discounts on UK retailers
• 2 days per year paid volunteering
• Free cereal, snacks and drinks in all offices
• Quarterly team social budgets
• A little welcome gift from us to you, we’ll plant a tree in the Tandem Grove and you can enter into our “Green Deal”
• Volunteer 2 days a year for charity > receive an early Friday finish
• Raise £200 per annum for charity > Tandem provide PR and marketing support
• Have renewable energy at home > receive an additional 1 day annual leave
• Drive an electric car > receive £500 towards a home charger
