Pour rester informé sur nos opportunités :
    Rejoignez notre communauté de Talents

    Penetration Tester – Network Infrastructure Focused

    London, England, United Kingdom

    Penetration Tester – Network Infrastructure Focused

    • 202407241
    • London, England, United Kingdom
    • Closing on: Dec 16 2024

    Description

    A penetration tester is responsible for assessing the security of network infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers. Their role involves conducting thorough assessments and penetration tests to uncover potential security risks and provide recommendations for mitigation. The role will work closely alongside the rest of the Penetration Testing team, Business units and other Cyber team.

    We are looking for a collaborative team player, with a good technical knowledge in network infrastructure with exposure to penetration testing or a willingness to learn. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business. 

    The Role:

    Responsibility: 

    • Vulnerability Assessment: Conducting comprehensive assessments of network Infrastructure to identify security vulnerabilities, such as cross-site scripting (XSS), SQL injection, authentication flaws, insecure configurations, poor host device and service configurations, and use these to penetrate deeper into the application/server.
    • Network Security Testing: Performing controlled attacks on network infrastructure and simulate real-world hacking attempts and identify potential entry points for attackers. This involves utilizing various techniques, tools, and methodologies to exploit vulnerabilities and gain access. 
    • Network Security Assessments: Perform Switch and Router configuration assessments for any misconfigurations or overly permissive rules.
    • Be a Network security expert for the rest of the offensive security team.
    • Security Analysis: Analyzing the results of penetration tests to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.
    • Reporting and Documentation: Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation. These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.
    • Remediation Support: Collaborating with developers and system administrators to assist in the remediation of identified vulnerabilities. This may involve providing guidance on secure coding practices, recommending security controls, or validating the effectiveness of implemented fixes.
    • Stay Up to Date: Keeping abreast of the latest web application and infrastructure vulnerabilities, attack techniques, security tools, and industry best practices. This includes staying informed about emerging threats and trends in web applications and infrastructure. 
    • Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organization's systems and data are not compromised or harmed during the process.
    • Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in cyber security.

    Qualifications

    The Requirements:

    Minimum Criteria:

    • Education: A bachelor's degree in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory. Relevant industry experience can compensate for formal education requirements.
    • Technical Knowledge: A strong understanding of network infrastructure both on prem and in the cloud. Must have knowledge on CISCO, Palo Alto, Fortinet and F5 network equipment.

    Skills:

    • Network Technologies: Extensive experience of network infrastructure equipment in use across different segments of the network is a must.
    • Web Application Security: knowledge of web application vulnerabilities, common attack techniques, and mitigation strategies. An understanding of OWASP Top 10 vulnerabilities is preferred.
    • Infrastructure security: Working knowledge of different on-prem and cloud builds (IaaS, PaaS, SaaS), in-depth understanding of operating system and its common flaws. 
    • Penetration Testing Techniques: Proficiency in various penetration testing methodologies, tools, and frameworks. Experience with manual testing techniques, automated vulnerability scanners, and exploit frameworks is preferred.
    • Programming and Scripting: Proficiency in at least one programming language (e.g., Python, Ruby, or JavaScript, etc.) to write custom scripts and tools. Understanding SQL queries for database testing is beneficial.
    • Analytical and Problem-Solving Skills: Ability to analyze complex web application environments, identify vulnerabilities, and exploit them. Strong problem-solving skills to understand attack vectors and recommend appropriate countermeasures.

    Holds relevant industry certification/s or equivalent like the following:

    • CCNA
    • CCNP
    • Relevant network related certifications
    • Any Security related certification is an advantage.

    Equal Opportunity Employer

    At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organization. We embrace all types of diversity.

    At WTW, we trust you to know your work and the people, tools and environment you need to be successful. The majority of our colleagues work in a ”hybrid” style, with a mix of remote, in-person and in-office interactions dependent on the needs of the team, role and clients. Our flexibility is rooted in trust and “hybrid” is not a one-size-fits-all solution.

    Apply Now

    Pas toi?

    Merci

    Contact non sollicité

    Tous les profils de candidats / candidatures non sollicités soumis via notre site Web ou des comptes de messagerie personnels d’employés de Willis Towers Watson sont considérés comme la propriété de Willis Towers Watson et ne sont pas soumis au paiement de frais d’agence. Afin de devenir une agence de recrutement / un cabinet de recherche autorisé pour Willis Towers Watson, toute agence de ce type doit disposer d’un contrat écrit en bonne et due forme, signé par un recruteur autorisé Willis Towers Watson et entretenir une relation de travail active avec l’organisation. Les curriculum vitae doivent être soumis conformément à notre processus de candidature, qui implique de participer activement à la recherche. De même, pour nos agences de recrutement / cabinets de recrutement autorisés, si le processus de candidature n’est pas suivi, aucun frais d’agence ne sera payé par Willis Towers Watson. Si vous souhaitez que vos coordonnées soient sauvegardées en vue d’un examen ultérieur, veuillez nous envoyer un courriel à l’adresse Agency.inquiries@willistowerswatson.com .

    Nos bureaux

    Nos collègues sont présents dans plus de 140 pays : de Mumbai à Londres, en passant par Manille et New York, du Moyen-Orient à l’Amérique latine. Grâce à notre présence internationale, tout ce que nous accomplissons prend une dimension mondiale et crée des occasions de collaboration et de croissance pour vous. Parcourez la carte ci-dessous pour voir jusqu’où votre carrière pourrait vous mener.

    Rencontrez nos collaborateurs