Über neue Stellenangebote auf dem Laufenden bleiben:
Werden Sie Teil unserer Talent Community
London, England, United Kingdom
A motivated Senior Red Team Tester is required to join the Penetration Testing Team within the Global Information Consultancy Team. The primary objective is to find underlying weaknesses and identify vulnerabilities that could be exploited by external or internal attackers. Their role involves conducting thorough assessments based on real-world scenarios, generating realistic vulnerabilities and complex multi-stage attacks.
The successful candidate will function as a senior cyber security professional for a wide range of technologies within the corporate network. They will work closely alongside the rest of the Penetration Testing team, Business units and other Cyber teams.
We are looking for a collaborative collaborator, with good technical knowledge in web application, infrastructure penetration testing, extensive vulnerability knowledge and someone that can identify security risks and suggest improvements to prevent security incidents occurring. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business.
Responsibility:
• Red Team Assessments: To plan and execute complex assessments to identify vulnerabilities, weaknesses and misconfigurations for technologies used within the network environment.
• Purple Team Assessments: Collaborate with other cyber defence and IT teams to evaluate the effectiveness of detective controls in place.
• Threat Profiling: Good working knowledge of threat actors and the tactics, techniques, and procedures (TTPs)
• Penetration Testing: Performing controlled attacks on web applications. APIs, infrastructure, and simulate real-world hacking attempts and identify potential entry points for attackers. This involves utilizing various techniques, tools, and methodologies to exploit vulnerabilities and gain access.
• Simulated Phishing attacks: Work with the Security Education and Awareness team to produce phishing emails based on real world scenarios with up-to-date threats in a controlled manner.
• Security Analysis: Analyzing the results of red team assessments to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.
• Reporting and Documentation: Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation. These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.
• Remediation Support: Collaborating with cyber teams, IT teams, developers, and system administrators to assist in the remediation of identified vulnerabilities. This may involve providing guidance on security best practices, secure coding practices, recommending security controls, or validating the effectiveness of implemented fixes.
• Mentoring: Supporting colleagues in the Penetration Team in all aspects of the job, technical and procedural.
• Stay Up to Date: Keeping abreast of the latest web application and infrastructure vulnerabilities, attack techniques, security tools, and industry best practices. This includes staying informed about emerging threats and trends in web applications and infrastructure.
• Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organization's systems and data are not compromised or harmed during the process.
• Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in cyber security.
The Requirements:
Minimum Criteria:
• Education: A bachelor's degree in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory. Relevant industry experience can compensate for formal education requirements.
• Technical Knowledge: A strong understanding of web technologies, programming languages (e.g., HTML, CSS, JavaScript, PHP, Python), and web application architecture is essential. Knowledge of networking fundamentals, operating systems, and databases is also beneficial.
Skills:
• Strong knowledge of the cyber kill chain, common tactics, techniques, and procedures which are often used by adversaries.
• Must have strong research capabilities and be up to date with the cyber industry.
• Web Application Security: In-depth knowledge of web application vulnerabilities, common attack techniques, and mitigation strategies. Strong understanding of OWASP Top 10 vulnerabilities is crucial.
• Infrastructure security: Working knowledge of different on-prem and cloud builds (IaaS, PaaS, SaaS), in-depth understanding of operating system and its common flaws.
• Penetration Testing Techniques: Proficiency in various penetration testing methodologies, tools, and frameworks. Experience with manual testing techniques, automated vulnerability scanners, and exploit frameworks is necessary.
• Programming and Scripting: Proficiency in at least one programming language (e.g., Python, Ruby, or JavaScript, etc.) to write custom scripts and tools. Understanding SQL queries for database testing is also important.
• Analytical and Problem-Solving Skills: Ability to analyze complex web application environments, identify vulnerabilities, and exploit them. Strong problem-solving skills to understand attack vectors and recommend appropriate countermeasures.
Holds relevant industry certification/s or equivalent like the following:
• CEH – Certified Ethical Hacker
• OSCP – Offensive Security Certified Professional
• GRTP – GIAC Red Team Professional
• GPEN – GIAC Penetration Tester
• GWAPT – GIAC Web Application Penetration tester
• GDAT – GIAC Defending Advanced Threats
• CRT - CREST Registered Penetration Tester
• CCSAS – CREST Certified Simulated Attack Specialist
Practical experience gained through participation in bug bounty programs, capture-the-flag (CTF) competitions, and real-world projects can also be valuable in showcasing skills and expertise.
At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.
Danke
Danke
Jegliche Initiativbewerbungen/Kandidatenprofile, die über unsere Website oder persönliche E-Mail-Konten von Mitarbeitern bei Willis Towers Watson eingehen, werden als Eigentum von Willis Towers Watson betrachtet und sind von der Zahlung von Vermittlungsgebühren ausgenommen. Eine Agentur, die für Willis Towers Watson als autorisierter Personalvermittler/Headhunter tätig werden möchte, muss eine offizielle schriftliche, durch einen Personalreferenten von Willis Towers Watson unterschriebene Vereinbarung und eine aktive Arbeitsbeziehung mit dem Unternehmen haben. Bewerbungen müssen gemäß unserem Bewerbungsverfahren für Kandidaten eingereicht werden und setzt eine aktive Beteiligung an der jeweiligen Personalsuche voraus. Ebenso gilt für unsere autorisierten Personalvermittler/Headhunter, dass bei Nichtbefolgen des Bewerbungsverfahren für Kandidaten keine Vermittlungsgebühren von Willis Towers Watson entrichtet werden. Willis Towers Watson ist ein Arbeitgeber, der sich für die Chancengleichheit engagiert. Wenn wir Ihre Kontaktdaten für zukünftige Zwecke speichern sollen, senden Sie bitte eine E-Mail an: Agency.inquiries@willistowerswatson.com .
Unsere Kollegen betreuen Kunden in mehr als 140 Ländern und Märkten auf der ganzen Welt. Aufgrund der globalen Dimension unserer Tätigkeiten eröffnen sich Ihnen unzählige spannende Kooperations- und Wachstumsmöglichkeiten. Auf der unten stehenden Karte können Sie nachsehen, wohin Sie Ihre Karriere führen könnte.
Diese Website verwendet Cookies. Unbedingt erforderliche Cookies sind immer aktiviert. Wenn Sie auf „Zustimmen und fortfahren“ klicken, werden alle Cookies akzeptiert. Klicken Sie auf „Cookies verwalten“, um detaillierte Beschreibungen der Cookie-Typen anzuzeigen und auszuwählen, ob bestimmte Cookie-Kategorien während des Besuchs der Website akzeptiert werden sollen. Wenn Sie dieses Banner schließen, verbleiben nur unbedingt erforderliche Cookies in Ihrem Browser.
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
Diese Cookies sind für die Funktionalität und Personalisierung der Website erforderlich und können in unseren Systemen nicht ausgeschaltet werden. Sie werden normalerweise nur als Reaktion auf von Ihnen durchgeführte Aktionen gesetzt, die einer Anforderung von Diensten gleichkommen, wie etwa das Festlegen Ihrer Datenschutzeinstellungen, das Anmelden oder das Ausfüllen von Formularen. Sie können Ihren Browser so einstellen, dass er diese Cookies blockiert oder Sie darüber benachrichtigt, aber einige Teile der Website funktionieren dann nicht. Diese Cookies speichern keine personenbezogenen Daten.
Diese Cookies ermöglichen es uns, Besuche und Verkehrsquellen zu zählen, damit wir die Leistung unserer Website messen und verbessern können. Sie helfen uns herauszufinden, welche Seiten am beliebtesten und welche am wenigsten beliebt sind, und zu sehen, wie sich Besucher auf der Website bewegen. Alle von diesen Cookies gesammelten Informationen werden zusammengefasst und sind daher anonym. Wenn Sie diese Cookies nicht zulassen, wissen wir nicht, wann Sie unsere Website besucht haben, und können ihre Leistung nicht überwachen.