Job Description

Description The successful candidate will be acting as an in-house penetration tester within the Experian Global Security Office Red team. Underpinning this will be their ability to perform penetration tests, create detailed reporting for the customer, provide post reporting consulting to the customer project team in such a way the findings are clearly articulated and remediation options are explained, and provide consulting to the Risk Management team to assist with evaluating and scoring new vulnerabilities in the context of Experian’s computing environment. They will be required to act as liaison between the business and GTS to ensure vulnerabilities are managed appropriately. The candidate will also participate as a key member and information security subject matter expert on project teams, chartered with the secure implementation of new applications and systems into the enterprise infrastructure as well as implementation of various security technologies. You should have a broad knowledge base in various technologies and platforms found in most businesses and a good experience of accepted security practices and solutions. Additionally, you should have in-depth knowledge in at least two other areas such as network protocols and operating systems (other areas could be scripting, coding, reverse engineering, network architecture). This role will also support internal (security department) needs as they occur (fill vacancies and or train and help develop other staff). Teamwork, the ability to make sound security decisions and good communication skills are key to interfacing with other departments to collect information and developing the basis of the risk assessments. The ability to cope with multiple tasks / projects is a nature of the business and is a plus. Knowledge, Experience & Qualifications Essential: 2 + years of previous penetration testing experience. Experience assessing and developing information security standards, policy, procedures Knowledge of industry testing standards (NIST, OWASP, OSSIM) Vulnerability Management and Assessment experience within a regulated environment Co-ordinating with peers and senior stakeholders to obtain results; specifically for ensuring the appropriate risk mitigation measures are implemented. Knowledge and experience of using Vulnerability scanners such as Rapid 7, Nessus and a good understanding of vulnerability scanners functions and limitations. Experience of securely managing and maintaining enterprise Operating Systems, web servers and database systems; especially in relation to patch management, secure configurations and hardening. Strong communication (both written and verbal) skills in relation to interpreting technical issues for the business and/or external clients Experience in interpreting penetration testing security assessment results and formulate a risk decision. Deep knowledge of networking protocols, routing, IP subnets, and configuration Deep knowledge of operating systems and architectures. Experience on internal and external attack and penetration methodologies and results Technical experience of network, infrastructure or software projects Operations or support experience in either Systems or Networking Contributes to strategic planning discussions Process Driven and has eye for detail Solid understanding of key network and technical security controls. Good interpersonal skills, self-motivated, willingness to take on challenges and adaptability to change Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions Ensure that appropriate visibility of non-compliance is raised through the corporate risk process. Desirable: Penetration testing related certifications (OSCP) CISSP preferred or Professional certifications preferred; CISSP, CISA or CISM Knowledge of current IRM team and VM practices within the organization

Source:

How to Apply

Click Here to Apply

Apply for this Job

Name *

Email *

Message *

Upload resumé (pdf, doc, docx, zip, txt, rtf)

Upload cover letter (pdf, doc, docx, zip, txt, rtf)

Is fire “hot” or “cold”? *