Engineer, Offensive Cybersecurity

ABACUS
Sittingbourne, United Kingdom
6 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Sittingbourne, United Kingdom

Tech stack

Private Networks
Microsoft Windows
API
Amazon Web Services (AWS)
Apple Mac Systems
Software System Penetration Testing
Azure
Bash
Cloud Computing
Computer Security
Data Centers
Linux
White-Box Testing
Intrusion Detection Systems
OSI Models
Python
Network Virtualization
Powershell
Red Team (Cyber Security)
Software Engineering
Web Applications
Scripting (Bash/Python/Go/Ruby)
Information Security Management System
Google Cloud Platform
Cloud Platform System
In-Plane Switching (IPS)
Mitre Att&ck
Information Technology
Vulnerability Analysis

Job description

  • Performing external and internal network vulnerability assessments, penetration tests, and social engineering engagements.

  • Creating and conducting technical reviews of various highly detailed cybersecurity testing reports.

  • Researching and staying up to date with the latest penetration testing techniques, tools and methodologies.

  • Either currently or in the future, perform white box risk assessments and penetration tests of cloud environments (Azure, AWS, GCP)

  • Assisting with the development of various scripts, tools, and processes to help automate various pentesting processes.

  • Presenting various penetration testing reports to customers and discussing nuanced technical recommendations, with the expectation of leading customer presentations within 3 months.

  • Discuss with, collaborate with, and train teammates from the Cybersecurity Red Team around various tools and techniques associated with network penetration testing.

  • Managing physical testing appliances (penboxes or security testing appliances). Duties include inventory management, device setup and configuration (scripts have been internally created), and, at times, shipping and receiving.

Requirements

  • Critical and creative thinking to strategize how to add value to customer engagements.

  • Ability to self-manage time and commitments.

  • Strong attention to detail and well-organized.

  • Highly motivated to continuously learn and innovate.

  • Excellent verbal communication and written communication skills, especially when communicating complex concepts to non-technical audiences.

  • Exceptional spelling and grammar skills for writing and proofreading documents.

  • Comfortable scripting in Python, Bash, and PowerShell

  • Familiar with Windows, MacOS, and Linux operating systems

  • Familiarity and comfortability operating within the Linux operating system.

  • A thorough understanding of the OSI model, the functionality of common protocols, and major relevant vectors of exploitation.

  • A thorough understanding of the MITRE ATT&CK Framework and the Penetration Testing Execution Standard.

  • Familiarity with the fundamentals of heuristic-based threat detection technologies such as IDS, IPS, EDR, XDR.

  • Understand basic datacenter, cloud, and virtual networking concepts., * Value, integrity, and honesty above all else in a non-negotiable way.

  • Have a passion for the information security industry and helping people.

  • Are capable of managing time efficiently and meeting deadlines with multiple concurrent projects.

  • Are able to work within constraints and to challenge the status quo.

  • Are able to self-direct work, orient to action, and truly own the position.

  • Have a collaborative attitude and mindset with colleagues and team members

Qualifications:

  • 3+ Years of Penetration Testing Experience (Required)

  • 2+ Years of Experience working with a major cloud platform (Azure, AWS, or GCP) (Required)

  • Bachelor's Degree in one of the following areas of concentration: Computer Science, Software Development, Information Technology, Cybersecurity (nice to have)

  • Background in physical device management (nice to have)

  • Familiarity with web application and API penetration testing (nice to have)

  • 2+ Years experience scripting in Python for automation, data science, or cybersecurity purposes (nice to have)

  • Hold one or more of the following CREST Certifications (required)

  • CREST Registered Penetration Tester (CRT)

  • CREST Certified Tester - Infrastructure (CCT INF)

  • CREST Certified Simulated Attack Specialist (CCSAS)

  • CREST Certified Simulated Attack Manager (CCSAM)

One or more of the following certifications (nice to have)

  • Practical Network Penetration Tester (PNPT)

  • Offensive Security Certified Professional (OSCP)

  • Certified Red Team Operator (CRTO)

  • Certified Azure Red Team Professional (CARTP)

  • HackTricks AWS Red Team Expert (ARTE)

  • HackTricks GCP Red Team Expert (GRTE)

Benefits & conditions

Employee discount, Life insurance, Private dental insurance, Company pension, Private medical insurance, Discounted gym membership, Company events, * Gym discount

  • Life insurance

  • Comprehensive travel insurance for you and your family in line with scheme rules

  • Confidential well-being and counselling support

  • Competitive compensation

  • Commission eligible

  • Contributory pension scheme

  • Company events

  • Private Medical and Dental Insurance

  • Fantastic company culture and values

Apply for this position