Website Capital One
We are currently looking to add a Penetration Tester to our Offensive Security team. This role combines technical hands-on expertise with the ability to contribute to an overall success strategy based around innovation and results. As a Penetration Tester you will be part of a team responsible for collaborating closely with Software Engineering teams through application penetration testing and assisting with remediation guidance activities to enable the UK Business.
- Be part of the delivery of penetration testing / security assessments.
- Collaborate closely with the business throughout remediation including influencing stakeholders and delivery teams on prioritisation of security activities and issue remediation.
- Establish effective and productive relationships with colleagues across the Global Cyber organisation and technology departments as well as the UK business.
- Empower the delivery team’s resources by promoting application security awareness and standards through training, mentoring and vulnerability demos.
- Establish credibility throughout the organisation by earning a reputation for being a proactive member of the Cyber Security delivery team.
- Contribute to findings, risks and conclusions that will be presented to technical and non-technical audiences.
- Scripting and development experience is highly desirable.
- Technical knowledge of cloud hosting and penetration testing techniques for cloud-based applications. Familiarity with AWS is desirable.
- Strong experience in penetration testing and/or application security engineering is a must.
- Working knowledge and experience in securing and developing web applications, APIs/web services and mobile apps.
- Familiarity with penetration testing tools such as Burp Suite, OWASP ZAP, SoapUI etc.
- Confident knowledge of Web, API and mobile application security testing frameworks and methodologies.
- Exposure to software engineering, system and network security, authentication and security protocols, cryptography, and network/web related protocols (e.g., TCP, UDP, HTTP, HTTPS).
- Appreciation of application security best practices including OWASP Top 10 and OWASP Mobile Top 10.
- Experience with static analysis, security code review, security automation and security training is desirable.
Company: Capital One
Vacancy Type: Full Time
Job Location: London, England, United Kingdom
Application Deadline: N/A