SC Cleared Penetration Tester

Posted Today by IF Recruitment Ltd

Apply

Negotiable

Outside

Remote

Remote, UK

Apply

Application Security Authentications Cryptography Microsoft Windows Network Administration Network Security Penetration Testing Python (Programming Language) Stakeholder Management Unix Web Applications Windows PowerShell Workflows

Summary: The role of SC Cleared Penetration Tester involves conducting web, infrastructure, and application-level penetration testing while adhering to defined methodologies. The position requires collaboration with stakeholders to identify testing requirements and involves briefing on security reports and outcomes. Candidates must possess extensive knowledge in various security domains and be willing to obtain necessary security clearances. This role is classified as outside IR35.

Key Responsibilities:

Providing Web, infrastructure and application-level penetration testing, including but not limited to COTS software and NOTS/GOTS software, following clearly defined methodologies.
Participating in kick-off meetings with stakeholders and technical points of contact in order to identify requirements for testing.
Following the documented procedures and workflows outlined by the technical leads.
Attending team meetings if required.
Briefing, at both executive and technical levels, on security reports and testing outcome, including at flag officer level.
In case of new vulnerabilities detected for COTS software, following the Responsible Disclosure Process and following-up with vendors and stakeholders.
Providing security design reviews to ensure compliance with the client's policies and directives.
In co-ordination with the Technical Lead of the Penetration testing team, ensuring proactive collaboration and coordination with internal and external stakeholders.

Key Skills:

Extensive knowledge and experience (at least 3 years) in web application penetration testing.
IT infrastructure penetration testing.
Network security architecture design.
Assessing security vulnerabilities within OS, software, protocols & networks.
Researching and evaluating security products & technologies.
Knowledge in system and network administration of UNIX and Windows systems.
Use of penetration testing tools, techniques, and recognized testing methodologies.
Scripting skills in at least one of the following: Python, Go, PowerShell, Shell (bash, ksh, csh).
Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as, malware infection techniques and protection technologies.

Salary (Rate): undetermined

City: undetermined

Country: UK

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

The Role:

Providing Web, infrastructure and application-level penetration testing, including but not limited to COTS software and NOTS/GOTS software, following clearly defined methodologies.
Participating in kick-off meetings with stakeholders and technical points of contact in order to identify requirements for testing.
Following the documented procedures and workflows outlined by the technical leads.
Attending team meetings if required.
Briefing, at both executive and technical levels, on security reports and testing outcome, including at flag officer level.
In case of new vulnerabilities detected for COTS software, following the Responsible Disclosure Process and following-up with vendors and stakeholders.
Providing security design reviews to ensure compliance with the client's policies and directives.
In co-ordination with the Technical Lead of the Penetration testing team, ensuring proactive collaboration and coordination with internal and external stakeholders.

Skills:

Extensive knowledge and experience (at least 3 years) in the following areas:

Web application penetration testing
IT infrastructure penetration testing
Network security architecture design
Assessing security vulnerabilities within OS, software, protocols & networks
Researching and evaluating security products & technologies
Knowledge in system and network administration of UNIX and Windows systems
Use of penetration testing tools, techniques, and recognized testing methodologies
Scripting skills in at least one of the following: Python, Go, PowerShell, Shell (bash, ksh, csh)
Technical knowledge in system and network security, authentication and security protocols, cryptography, application security, as well as, malware infection techniques and protection technologies.

Candidates must hold or be willing to undergo SC or Nato clearance.

This role falls outside IR35.

Apply

Inside IR35

Outside IR35

Permanent Employee

IR35

Umbrella Companies

Limited Companies

First Time Contractors

What Is IR35?

InsideIR35

Outside IR35

The Cost of IR35

IR35 Assessments

IR35 Rules

IR35 Compliance

Expenses

Foreign Companies

Overseas Contractors

Limited Companies

Sole Traders

What Is An Umbrella Company?

Choosing an Umbrella Company

Tax and Pay

Tax Avoidance

Fees (Margin)

National Insurance

Holiday Pay

Expenses

Pensions

Maternity Pay

Sick Pay

What Is A Limited Company?

Limited Company vs Sole Trader

Incorporation

Taxes

Filing Responsibilities

Bookkeeping

Insurance

Expenses

Buying a Car or Van

Capital Allowances

Benefits In Kind

Pensions

Employing A Spouse

Managing Excess Money

Dormant Companies

Closing Your Company

Withdrawing Money

Business Asset Disposal Relief

How To Become A Contractor

Inside IR35 Checklist

Outside IR35 Checklist

Self-Assessment Tax Returns

Mortgages

Pensions

Working Multiple Contracts

What is the £100k Abatement?

Inside IR35

Outside IR35

Permanent Employee

IR35

Umbrella Companies

Limited Companies

First Time Contractors

What Is IR35?

InsideIR35

Outside IR35

The Cost of IR35

IR35 Assessments

IR35 Rules

IR35 Compliance

Expenses

Foreign Companies

Overseas Contractors

Limited Companies

Sole Traders

What Is An Umbrella Company?

Choosing an Umbrella Company

Tax and Pay

Tax Avoidance

Fees (Margin)