Penetration Tester
Posted 12 hours 38 minutes ago by NatWest Group
Join us as a Penetration Tester. Take on a new challenge and use your specialist knowledge to support the wider organisation in building and operating secure services that protect both colleagues and customers. As a Penetration Tester, you'll act as a subject matter expert, identifying vulnerabilities across the bank's systems and helping to keep our customers, staff, and data secure. You'll be joining an exciting and fast-paced area of the bank, where you can expect great exposure both for you and your work. You'll work from home the majority of the time, but you'll also spend a minimum of 2 days per month working from the Edinburgh office.
What you'll do
As a Penetration Tester, you'll be responsible for conducting Web Application tests, looking for vulnerabilities with real business impact. NatWest Group have a wide range of systems and services, ensuring a variety of test scenarios.
You'll also:
- Conduct Web Application and API testing independently and as part of a team for larger projects
- Provide accurate reports with well-evidenced issues demonstrating the full impact of any identified vulnerabilities
- Scope and refine requirements to deliver value for money and meaningful testing
- Offer a high level of service to the bank's internal project teams to assist with getting projects into production securely
- Maintain a high level of skill and keep up to date with vulnerabilities in modern web application systems
- Carry out tests on Networks, Mobiles, Thin Clients, and Cloud
To be successful in this role, you'll need knowledge of one or more security subject areas.
Additionally, you'll need:
- Experience of OSCP/OSWA or CRT/CSTM or CWES/CPTS or Burp Suite Certified Practitioner
- Demonstrable understanding of the OWASP Top Ten vulnerabilities and how to identify and exploit them
- Familiarity with testing tools like Burp Suite and common bApp store extensions, plus Metasploit, nmap, and Nessus
- Excellent verbal and written communication skills with the ability to adapt for technical and non-technical audiences
- The ability to work independently while recognising when to collaborate or escalate