Location: Belfast
Workplace: Hybrid
The opportunity:
The Security Vulnerability and Penetration Testing Engineer will oversee and serve as a technical resource for all assessment activities related to the security posture of existing and proposed firm systems, platforms, and processes to protect and continually improve the confidentiality, integrity, and availability of information systems per the firm's business objectives, regulatory requirements, and strategic goals.
Main responsibilities:
1. Perform security penetration testing of the Firm’s systems, platforms, and applications
2. Serve as a Subject Matter Expert (SME) for the VAPT function
3. Serve as the system owner for common VAPT toolsets, platforms, and processes
4. Provide technical assessment reports that are easily understandable by the target audience and include practical and reasonable recommendations based upon sound risk management principles
Skills and experience:
5. A Computer Science bachelor’s degree or substantially equivalent experience
6. CISSP is required
7. GIAC GPEN or GWAPT is preferred
8. Offensive Security OSCP is required
9. Commanding knowledge of VAPT concepts and best practices, including the requirements for WhiteHat/ethical hacking
10. Expert understanding of the difference between a vulnerability assessment and a penetration test in the context of assessment scope, objectives, and deliverables
11. Extensive experience with common automated VAPT tools such as Nessus, Appscan, Burp Suite, Nipper, and Trustwave
12. Expert in common attack tools and frameworks such as Wireshark, Kali, Metasploit, etc.
13. Expert in mobile platform security technology, including vulnerability identification and exploitation tools, as well as mobile platform security best practices, frameworks, etc.
14. Understand VAPT in the context of risk management and organizational priorities
15. Passionate in the practice and pursuit of VAPT excellence
16. Able to validate the presence of identified vulnerabilities with accuracy
17. Master in common application platforms and technologies to effectively understand and evaluate complex application assessments via the use of manual techniques and simple tools such as proxies and browser plugins
18. Authoritative mastery of OWASP, CVE, general security controls, and other foundational topics, such as the latest application and operating system exploits
19. Expert knowledge of common scripting and programming languages is advantageous.
20. Ongoing commitment to understanding the threat landscape and common adversary motivations/practices. Ability to quickly adapt practices to evolving circumstances
21. Able to maintain critical thinking and composure under pressure
22. Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English
23. Capable of assisting with the preparation of internal training materials and documentation
Working at Baker McKenzie Belfast Center:
Baker McKenzie is the world’s leading law firm with offices all over the world. Our Belfast Center is home to over 400 colleagues in both legal and professional services.
We offer one of the best workplace benefits packages in the industry, featuring comprehensive private health cover, income protection, life assurance, and a comprehensive employee assistance plan. These and a host of other benefits make us one of the most desirable companies to work for in Belfast.
Baker McKenzie is an Equal Opportunity Employer. We are committed to promoting diversity and inclusion for all. Our unique international culture is reflected in the drawing together of a worldwide family of individuals from diverse cultures and backgrounds in all of our offices. We encourage the best people - regardless of race, religion or belief if any, gender, gender identity, disability, sexual orientation or age - to fulfill their professional aspirations with us. We are committed to ensuring an inclusive and accessible experience for all candidates.