Penetration Tester (Contract)

Marcus Donald are currently looking for an experienced Penetration Tester (CONTRACTOR) to become an influential member of a growing team within a company with hugely exciting plans for 2022 and beyond. The exciting plans have been stimulated by huge Government backed funding to allow my client to reach the levels identified after what has been a very successful last few years.

The successful recruit will have the option of working fully remote (from home) ANYWHERE within the UK or - with the company’s full support - relocate closer to the office in the beautiful Channel Islands.

The team you will be joining have penetration testers at all levels and help them to achieve their full potential. This ensures the team is at the top of their game on Mobile, Web Application, Infrastructure, WiFi, Reverse Engineering, Exploit Development, Research, Red Teaming and Social Engineering engagements. You will bring a wealth of knowledge into the team and work with industry experts who will be able to share with you, new skills and techniques.

You will be working with a plethora of interesting clients on ground-breaking projects. If you want exposure to a variety of industry sectors, working on projects that will challenge you to innovate and problem solve then we can offer you the variety you are looking for. The ideal candidate would be able to conduct penetration testing engagements for clients. With the development plans in place and the business roadmap created, there isn’t a better time to get involved!

Key Responsibilities – Penetration Tester:

• Deliver penetration testing engagements for clients.
• Respond to customer queries and security events, ensuring making sure feedback loops are in place to improve our service and response
• Specialist in one or more of the following: Web Applications, Infrastructure, Mobile, WiFi, Reverse Engineering or Exploit Development
• The desire to constantly learn and develop
• Have a critical eye for detail
• Excellent report writing skills
• Providing some mentorship to junior members of the team.
• Experience in social engineering testing, including phishing simulations and or physical testing
• Some experience in general development with knowledge of python, golang, Java or C# would be an advantage.

Critical Competencies – Penetration Tester:

• Knowledge of security testing and assessment methodologies and frameworks such as OWASP, Mitre ATT&CK Framework, OSSTMM, NIST and PTES industry best practices and generally accepted information security principles.
• Demonstrated experience in using security assessment tools and techniques that include, but are not limited to; Burp Suite, Kali Linux, Nessus, Nikto, Metasploit, NMAP etc.
• Ability to combine multiple separate findings to identify complex blended vulnerabilities that would not be exploitable as a result of a single weakness is required.
• Experience of infrastructure penetration testing within corporate networks with a good knowledge of common attack vectors.
• Appropriate certifications in penetration testing such as QSTM, CSTM, CREST, OSCP.
• Ability to adapt public exploits or create exploits from scratch in appropriate languages.
• Able to work on own initiative with minimal supervision.
• Strong command of the English language and good reporting skills.
• Able to deploy into client environments.
• In depth understanding of Windows and Linux operating systems.
• Experience in Network Security testing.

Desirable Competencies – Penetration Tester:

• Mobile (Android and IOS) application penetration testing experience.
• Knowledge of Sysmon and creating rules.
• Knowledge of the current C2 / exploitation framework a bonus.
• Experience managing client accounts.
• Willingness to continually learn.

Location: Fully remote in the UK
Pay Rate: £350 - £450 per day (Inside IR35)

If you feel this position is of interest and you would like to learn more, please either apply or email jryan@marcusdonald.com. The FULL job description is also available upon request. Look forward to speaking with you.