Cyber Security Analyst and Penetration Tester

Overview of Company

Ascentor specialises in independent cyber risk management. We view information security as a powerful business enabler. As part of the Amtivo Group, we specialise in independent information and cyber security consultancy.

Who are we looking for?

This exciting opportunity is for a highly motivated person to join our expanding Managed Security Services team in providing Cyber Security Health Checks (Penetration testing), vulnerability assessments and certification audits of computer networks, infrastructures, including, Cyber Essentials (CE), Cyber Essentials Plus (CE+) and IASME Cyber Assured audits for Ascentor and Amtivo group customers.

Role Overview

This role offers the applicant the opportunity to widen their skills by training to be a member of the Security Monitoring team to monitor and respond to incidents in customer infrastructure.

Core responsibilities

Delivering:

  • Operate a hands-on role involving penetration testing and vulnerability assessment activities of network infrastructure, operating systems, wired and wireless networks, and mobile applications/devices.
  • Develop and maintain security testing plans.
  • Develop meaningful metrics to reflect the true posture of the customer environments allowing the organisation to make educated decisions based on risk.
  • Produce actionable, threat-based, reports on security testing results.
  • Act as a mentor for the direction, training, and guidance for less experienced Ascentor staff.
  • Consult with client application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation.
  • Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors, and regulators.
  • Foster and maintain relationships with key stakeholders and business partners.
  • Perform Cyber Essentials, Cyber Essentials+/IASME Audits.
  • Provide guidance and support to clients to help them achieve cyber certifications and protect their businesses.
  • Deliver other Ascentor technical cyber services as appropriate.

Planning:

  • Plan and manage penetration testing engagements.
  • Work with customers to define scope.
  • Plan and deliver CE/CE+/IASME audits following best practise and in line with internal targets.

Reporting:

  • Produce high quality and detailed reports from the output of:
    • Penetration tests,
    • Vulnerability Management scanning services,
    • CE/CE+/IASME audits,
    • Highlighting vulnerabilities and weaknesses that could be exploited,
    • Provide detailed remediation advice to reduce or mitigate against any vulnerabilities found.
  • Support in the documentation and recording of:
    • Incident logs,
    • Lessons learned output.

Resourcing:

  • Support teams across the Amtivo Group as appropriate for business development activities.
  • Support the relevant teams across the Group to understand and maintain the delivery of CE/CE+/IASME audit requirements.

Training:

  • Undertake training and exams to become a:
    • CE/CE+/IASME Assessor (if required),
    • Cyber Security Operations Centre Analyst,
    • Achieve AlienVault Certified Security Engineer (ACSE) qualification,
    • Optionally, develop as a Security Architect, achieving CCP certification.

Education & Training

Essential:

  • 3 years’ experience of IT/Cyber role.
  • Cyber Scheme Team Member (CSTM) or CREST Registered Penetration Tester.
  • Cyber Essentials and Cyber Essentials + Auditor.
  • HND in IT related discipline (or equivalent).

Desirable:

  • CREST Certified Infrastructure Tester or Cyber Scheme Team Leader (CSTL).
  • IASME Cyber Assured Assessor.
  • Secure configuration of Microsoft 365 and Azure services.
  • Good knowledge of Cyber Security Standards and Frameworks such as ISO 27001, NIST, CIS.

Competencies

High level behavioural indicators:

  • The ability to work autonomously and part of a team.
  • Communicates clearly and effectively across all levels with internal and external stakeholders.
  • Ability to problem solve and offer solutions.
  • Ability to plan, manage and deliver on a variety of tasks and projects.
  • A minimum of 3 years’ experience in IT/Cyber (excluding training).

Technical Competencies:

  • Good knowledge of Cyber Security Standards and Frameworks such as ISO 27001, NIST.
  • Good knowledge of system/data vulnerability, intrusion, detection, access and authorization, firewall, encryption, protocols, and threat protection.
  • Strong analytical and problem-solving skills, with the ability to manage multiple tasks.
  • Good knowledge of Information Security technologies; NIDS/IPS, HIDS, WAF, Firewalls, content filtering, Vulnerability Management, Incident response.
  • Experience with Unix/Linux operating systems, working with network and server monitoring.
  • Good knowledge of Penetration Testing techniques and methodologies.
  • Good knowledge of Cyber Essentials and Cyber Essentials Plus Standards.

Beneficial Competencies:

  • Experience with vulnerability tools such as NESSUS, TENABLE I/O, QUALYS.
  • Experience with Unix/Linux operating systems, working with network and server monitoring.
  • Knowledge and Experience of basic pen testing.

Context:

The CASPT is accountable through the business cycle for:

  • Supporting the HTAS and Business Development teams in pre-sales activities.
  • Scoping, managing and delivery of Cyber Security Health Checks through to completion.
  • Maintaining and extending relevant knowledge and qualifications required to fulfil the role.
  • Maintaining a high quality of testing and reporting skills required.
  • Achieving Cyber Essentials Plus Assessor level and successfully delivering Cyber Essentials Plus audits.
  • Achieving and maintain qualifications to deliver the VA service.
  • Successfully monitoring and maintaining all IT systems and equipment.
  • Supporting the development and delivery of Ascentor IT change projects.

Success Criteria:

A successful applicant will:

  • As a minimum hold a current Cyber Scheme Team Member (CSTM) or CREST Registered Penetration Tester qualification.
  • Be looking to enhance their knowledge and skills by attaining CREST Certified Infrastructure Tester or Cyber Scheme Team Leader (CSTL) qualification.
  • Be self-motivated and can work independently where required.
  • Demonstrate a commitment to not only expanding their knowledge and skills but also a willingness to mentor less experienced colleagues.
  • Seeking to expand knowledge and expertise by supporting other core services within our Technical Assurance Services  Portfolio.
  • Attain Cyber Essentials Plus assessor qualifications where required.

 

If you’re interested in a confidential conversation, please email your CV to recruitment@amtivo.com.