● Act as a team leader / first point of contact in engagements involving multiple test phases and team members.
● Seek out opportunities to improve business processes and standards, identify issues and suggest improvements.
● Identify and drive new service lines, take ownership of associated methodologies that enable delivery of the new lines.
● Build and maintain the Security Testing laboratory, ensuring that rigs are up to date with current CREST and CyberScheme exam syllabi.
● Maintain and improve the Canopy reporting engine templates database.
● Ensure that all your team members comply with Trustmarque policy.
● Encourage all team members to develop and improve skills, identify gaps in skill set and experience.
● Coach and mentor team members through exam preparation and study.
● Set halfway point and annual objectives and measure team members against them at review time.
● Provide quality assurance of team member knowledge base articles, white papers and blog posts.
● Proven track record of delivering penetration testing services.
● Has delivered technical work at a senior level (CTL in either Inf or Apps).
● 5+ years of penetration testing experience.
● Assists with recruitment, interviews and grading of potential new candidates to the team.
● Ability to maintain UK security clearances as required by the business.
• Proficient in scripting languages such as Bash, PowerShell, VB and Python.
• Demonstrable experience of using penetration testing tools such as Nessus, Nmap, Metasploit and Burp Suite.
• Solid understanding of the suite of TCP/IP protocols and the OSI model.
• Ability to adapt to complex, ever-changing environments, and to quickly understand such environments and exploit them to your advantage.
• Proven experience of testing web applications, their platforms, and the technologies and methodologies used to create them.
• Solid experience of network and infrastructure penetration testing.
• Proven experience of carrying out network device reviews.
• Proven track record of carrying out ITHCs for PCI DSS and PSN compliance.
● Ability to set examples to all team members and provide leadership and support.
● Passionate about the security lifecycle.
● Ability to engage with senior executives of differing technical levels, and to encourage buy-in to our security ethos.
● Confidence, flexibility and ability to think creatively and offer solutions to complex problems.
● Ability to translate specialist, technical information into plain English.