Responsibilities
* Lead and manage the full lifecycle of complex penetration testing engagements, applying a strong threat intelligence-led approach.
* Execute advanced penetration tests across a broad range of environments (applications, infrastructure, web, APIs, O365, Azure, AWS, OT), directly applying knowledge of current threat landscapes and attacker TTPs.
* Develop and maintain sophisticated test plans, execution plans, and targeted use cases informed by threat intelligence analysis.
* Identify and prioritize OT and IT assets, services, and systems based on their criticality and exposure to identified threats.
* Strategically prioritize, plan, and schedule penetration testing engagements based on threat assessments and client-specific requirements.
* Produce high-quality, detailed reports that articulate technical findings, potential business impact, and actionable remediation recommendations for both technical and non-technical stakeholders.
* Clearly and effectively communicate complex security concepts, adversarial tactics, and threat intelligence insights to diverse audiences.
* Collaborate with client IT and cybersecurity teams to enhance security protocols and ensure effective remediation of identified vulnerabilities.
* Track remediation progress and provide regular updates to stakeholders, highlighting threat reduction.
* Conduct proactive security research and contribute to technical content on emerging threats, attack techniques, and threat intelligence-led testing methodologies.
* Contribute to strengthening security monitoring capabilities by providing insights into offensive techniques to enhance detection and response.
* Drive the patching regime for identified vulnerabilities, prioritizing remediation based on threat intelligence.
Qualifications
* Minimum of 5 years of demonstrable professional experience in penetration testing, with emphasis on understanding, emulating, and leveraging adversarial tactics and threat intelligence.
* Comprehensive understanding of OT and IT asset profiles, technologies, and security best practices, with the ability to contextualize them within the current threat landscape.
* In-depth knowledge of network protocols, cryptography, security vulnerabilities, and common attack vectors used by sophisticated threat actors.
* Proficiency in a wide range of penetration testing tools and methodologies, including those used for threat intelligence analysis and application testing.
* Proven experience in scoping and executing complex penetration tests driven by threat intelligence.
* Exceptional written and verbal communication skills to articulate complex technical findings and threat intelligence insights clearly to diverse audiences.
* Strong organizational and time management skills to manage multiple concurrent engagements.
* Current CREST CRT certification or higher is essential.
* Must hold or be eligible for SC Clearance.
Desirable Skills
* Experience with Breach Attack Simulation tools and methodologies.
* Experience in Vulnerability Management processes and integrating threat intelligence.
* Understanding of Risk Management frameworks and how threat intelligence informs risk assessments.
* Hands-on experience with security reviews of AWS, Azure, and GCP environments, incorporating cloud-specific threats.
* Experience with ISO 27001 auditing/implementation, understanding the role of threat intelligence in compliance.
* Other advanced cybersecurity certifications such as CISM, CISSP, ECSA, CREST CCT.
Company and Diversity
We are a global business that empowers local teams and undertakes exciting work across our portfolio of consulting, applications, business process, cloud, and infrastructure services. We value mutual respect, accountability, continuous learning, collaboration, well-being, growth, and agility, fostering a diverse and innovative organization. We are an equal opportunities employer and committed to equity and inclusion, including Disability Confident status. We offer flexible work options and continuous learning opportunities. If you require reasonable adjustments during the recruitment process, please let us know. We also operate Inclusion Networks including the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network, and the Parent Network.
We are seeking a highly skilled and experienced Penetration Tester Consultant - CREST registered with a strong focus on threat intelligence and attack methods. The ideal candidate will manage and conduct advanced penetration testing engagements, leveraging threat intelligence to simulate real-world attacks across OT, IT, web applications, cloud infrastructure, and APIs. This role requires deep understanding of adversarial approaches, excellent communication skills, and the ability to provide strategic, actionable recommendations to significantly enhance client security posture.
#J-18808-Ljbffr