|Penetration Tester / Ethical Hacker - Cloud DevSecOps - Remote / Home Working (EU Wide) 80 - 100k - 30 Days + 8 B/H + Package Offensive experience required - Red Team OSCE etc Rapidly growing Fintech - fantastic reviews on Glassdoor etc We currently seek a great Ethical Hacker / Penetration tester with strong knowledge of Cloud (ideally AWS), DevSecOps who can code / script (ideally Terraform) to work from a London Office or remotely anywhere in the EU on our clients market leading cloud / AWS payments platform.
Keywords: Ethical Hacker, Penetration Tester, Offensive Security, Red Team, Whitehat Hacker, DevSecOps, Security Consultants, OSCE, GXPN, CEPT, LPT, Cloud Security, AWS, Application Security, The role Reporting into the Head of Information Security working on a leading-edge platform utilising Infrastructure-as-a-code fully automated CI/CD monitored platform. Our client believes in cross training so you can gain a broad understanding of information security.
Creating scripts to test for vulnerabilities including penetration testing and risk assessment implementing technical controls and automation to meet compliance of information security frameworks Developing low-level tools for vulnerabilities to improve security testing and monitoring Security configuration, hardening and risks, i.e. Linux/Unix, Mac OS, Containers, Office 365, etc. Performing risk assessment across the entire network Keep up to date on the latest security threats and vulnerabilities Performing response analytics, determining root-cause and mitigation of cyber security events Operating, maintaining, auditing and improving Vulnerability Management, SIEM and Threat Intelligence systems Continuous process improvement across the board
Key Skills (and stuff you can learn)
Public Cloud security (Ideally AWS) Programming / Scripting experience - e.g. Python, Bash, Terraform, C / C++, Java, C#, Go DevSecOps tools / Processes e.g. automatic code analysis Securing Docker and Container Orchestration Relevant Certifications - GXPN, CEPT, OSCE, LPT, CREST Application Security - OWASP / SANS Security operations, security incident response, forensic security investigations, management and remediation of identified and day zero vulnerabilities, alerts, threats and breaches Networking, Application and ‘Next Generation’ Firewalls, IDS/IPS, Proxies, security monitoring, FIM, WAF, DDOS, DLP, malware, antivirus and endpoint protection Vulnerability Management, SIEM and Threat Intelligence systems Various technologies and operating systems and their related security configuration, hardening and risks i.e. Linux/Unix, Mac OS, Containers, Office 365, etc. Cryptographic controls, secure communications, PKI, hash and encryption technologies, ciphers, including IPsec VPN, TLS and certificates
Really great opportunity. Please get in touch for a swift response