Senior Penetration Tester
Job Description
This role reports to the Head of Information Security. It requires a fast‑learning, self‑motivated individual to add capability and capacity to our small but highly effective team. Your work will help implement and improve the processes that provide a structured, systematic, and audited approach to Information Security across the firm.
Responsibilities
* Conduct thorough Red Team offensive penetration testing on our IT (on‑premises and cloud) infrastructure to identify vulnerabilities and provide remediation recommendations.
* Perform security assessments on cloud‑based applications, ensuring adherence to industry standards and best practices.
* Execute red‑team exercises to simulate real‑world attack scenarios, testing detection and response capabilities both internally and externally.
* Assess and test the security of internally deployed infrastructure, IoT devices and sensors, SmartBuilding digital landscape, data lake, and web‑based APIs.
* Provide guidance to internal teams on API security testing and secure practices, carrying out assessments as required.
* Collaborate with stakeholders on testing models for Generative AI security and on the overall security testing landscape.
* Implement security measures and enhance the firm's overall security posture through cross‑functional collaboration.
* Prepare detailed reports and presentations on findings, delivering actionable insights to technical and non‑technical stakeholders.
* Stay informed about the latest security trends, threats and technologies to proactively address potential risks.
* Assist in developing and maintaining security policies, procedures, and guidelines.
* Act as the key point of contact for all security testing engagements and collaborate with stakeholders to maintain compliance with client and external audit requirements.
* Utilise data and feedback to drive continuous improvements in security testing.
* Support the security team in capacity building and knowledge sharing.
* Research and analyze existing security policies, standards and resources to identify training and guidance gaps.
* Participate in the evaluation, selection and implementation of security testing technologies.
* Support the firm’s certification activities (ISO27001, SOC2, Cyber Essentials Plus) by assisting with audits, documentation and continuous improvement efforts.
* Engage with security industry groups and external partners to stay aligned with best practices and industry standards.
Qualifications
* Comprehensive experience in security testing and red teaming, with a strong ability to communicate findings effectively.
* Background in information security with proven ability to conduct a wide range of security tests and provide actionable guidance.
* Strong organisational skills and the ability to manage multiple concurrent assignments.
* Knowledge of how Information Security aligns with business objectives and client assurance needs.
* Degree-level education preferred; certifications such as CREST, CHECK, OSCP, OSWE, OSWA, or IISP membership highly advantageous.
* Ability to quickly assimilate information, assess and document risks, and engage stakeholders at all seniority levels.
* Experience with structured documentation (process, format, version control) is important.
* Potential future requirement for security clearance.
Hybrid Working
This role follows a balanced hybrid approach; as long as business needs allow, you will be supported to work in a hybrid way with the expectation of working from the office for a minimum of 50% of your time.
What We Offer
As a Clifford Chance employee you will have access to a broad range of benefits supporting you across many aspects of your personal and professional life, including financial, wellbeing, lifestyle and family‑friendly benefits. For more detailed information, please visit our What We Offer page.
Equal Opportunities
At Clifford Chance, we understand that our true asset is our people. Inclusion is good for our team and their families, our firm and society. We are committed to treating all employees and applicants fairly and equally regardless of gender, gender identity, marital or civil partnership status, race, colour, national or ethnic origin, social or economic background, disability, religious belief, sexual orientation or age. This applies to recruitment and selection, terms and conditions of employment and every other aspect of employment. Find out more about our inclusive culture here.