Offers “CGI”

Expires soon CGI

Penetration Tester

  • Reading (Reading)
  • IT development

Job description

Job Description

Penetration Tester

Position Description
Be part of something cutting edge. Do you want to take control of your future? Are you ready for the responsibility of working with high profile clients in the world’s most exciting sectors? Do you want to take your career to the next level as part of a dynamic company that gives you a direct stake in its success? If you do, join our UK Cyber Penetration Test team.

We have a number of opportunities for CHECK, CREST or TIGER Penetration Testers within our Cyber Security business unit, one of the largest groups of cyber security specialists in the UK. We have a long established reputation in this area, undertaking rigorous testing for a variety of commercial and public sector clients for over 10 years.

We are seeking penetration testers specialising in either applications or networks, either to be part of the team or as lead leaders. Experience of the assessment of bespoke applications, cloud technologies and mobile applications (on diverse mobile platforms) would be of an advantage. In addition to deep technical skills and an interest in technology and research, we are keen that all our testers are able to communicate effectively with customers the results of testing and guidance to secure their systems. For senior positions we expect our testers to mentor mentors and lead engagements, as well as supporting the technical development of our services through research.

Additionally, depending on your skillset and interests, you may also be asked to participate in CGI’s Advanced Threat Analysis team, providing pre- and post-attack analysis of sophisticated cyber attacks, as well as representing us at conferences and industry events by presenting research.

What’s important to understand is that penetration testing is a very broad but specialist role. You’ll be working with a multitude of technologies but at the same time specialise in the security considerations for each of them.

The roles can be based at any of our UK offices although flexibility is required to also work at other offices and client sites within the UK. Packages are competitive for senior and experienced individuals.

Due to the nature and location of some of our work you will need to be eligible and willing to undergo UK Security Clearance at SC level and/or higher.

Your future duties and responsibilities
As a penetration tester with us, the kind of day tasks we perform may include but not be limited to, some or all of the following;

• Infrastructure testing: This is the bread and butter of our work. We are usually located inside the target network and see what systems we can exploit from a network perspective a knowledge of network services and being familiar with tools such as nmap, Nessus, metasploit, etc will help in this regard.

• Application testing: This is the second most prevelant type of work we do which is based around identifying weaknesses in web (and mobile) applications. We look for issues typically categorised within the OWASP Top 10 such as XSS, SQLi, CSRF, Session hijacking and command injection a knowledge of web applications and web development languages helps during this type of testing and you will be expected to be familiar with tools such as burpsuite, w3af, etc…

• Wireless Testing: Wireless audits includes a review of client provided wireless access points, ensuring that correct practices are followed in the deployment of 802.1x connectivity and the detection and location of rogue access points that may be planted within a client environment. Tools you would expected to be familiar with are: kismet, aircrack, wifite, etc.

• Lockdown Testing: Lockdown testing is where we are usually given a workstation or system and our job it to see if we can breakout of the locked down user environment. This is often also called kiosk testing and the idea is to see what a normal user can do outside of their expected functionality with the ultimate goals being that of accessing data and/or resources they would not have legitimate access to otherwise. Typically we find that a knowledge of scripting languages such as powershell, VBS, Bash, general operating systems and system administration helps the most in this area.

• Firewall and Switch reviews: This is where we review both the permitted rules that can traverse a firewall/switch as well as looking into the build state of the firewall to ensure it follows best industry practice. A familiarity with network topics including routing along with common services helps in this area not forgetting knowledge of firewall solutions themselves, Cisco, Juniper, Nokia, Fortinet, etc and while we do make use of automated tools in order to speed up reviewing times on the whole it requires an analytical mind to decipher most large rulesets.

Required qualifications to be successful in this role
To join us you should be a passionate Cyber Security/Penetration Test professional. You’ll need to be able to demonstrate the skills you have developed in your career already and have a clear idea on how you’d like your career to develop. We can support your career development and give you the variety of clients and projects that will really enhance your Cyber career. You’ll need to be a good communicator both verbal and written and be able to work individually or as part of a larger team. You’ll always be supported through mentoring and training, and the team have regular 'meet ups' to share best practice and exchange ideas and solutions. Ideally you should already hold an appropriate CHECK, CREST or TIGER Penetration Tester qualification or certification but you will be supported to gain these as appropriate.

Build your career with us.

It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.

At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.

Be part of building one of the largest independent technology and business services firms in the world.

Learn more about CGI at www.cgi.com.

No unsolicited agency referrals please.

CGI is an equal opportunity employer.

Skills

Reference

682525

Make every future a success.
  • Job directory
  • Business directory