The Penetration Testing Lead role & responsibilities are detailed below:
Responsible for Customer Cybersecurity OT & IT Annual Penetration testing lifecycle.
Responsible for delivering a defined volume of pen tests across Application, Infrastructure, Websites, APIs, O365, Azure, AWS and OT environments.
Responsible for identifying & tiering Customer OT & IT assets, services & systems to build on the current Tiering system identified in the Discovery phase.
Prioritisation, detailed planning & scheduling of all Pen Test engagements. Ensuring weekly, monthly & annual testing exercises are scheduled based on Tiering.
Engage with Product Group owners & internal stakeholders as part of the discovery phase to ensure that there will be no duplication of effort around pre-existing/pre-planned pen test engagements (Application, Infrastructure, Websites, APIs, O365, Azure, AWS and OT environments).
Manage Annual Pen test Supplier engagements & the relationships within Customer.
Manage all onboarding and offboarding of 3rd party Supplier resources, ensuring they have all required accounts/privilege/physical security badges etc to be able to start their engagement.
Responsible for managing Operational Gas Business Owner relationships.
Manage regulated operational sites business processes including sign off.
Build and own all required and relevant policies and procedures around pen testing within Customer, adhering to Best Practices & NCSC guidance.
Review 3rd party pen test reports, briefing internal stakeholders on findings.
Capture and document the findings, risks and exceptions and recommend remediation.
Collaborate with IT and cybersecurity teams to enhance security protocols and remediate findings.
Tracking progression of remediation tasks. Reporting on a weekly basis to internal stakeholders on progress and any blockers. Building secure Power BI dashboards to report on progress.
Update the Customer CMDB with the relevant vulnerabilities. Ensure this is highly secured.
Provide monthly reporting on remediation activities and track progress for the Cybersecurity & IT Management team.
Manage the patching regime to remediate the identified pen test vulnerabilities. Confirm with BAU Vulnerability Management team that there is no duplication of effort.
Required skills:
Strong understanding of both OT & IT asset profiles, technology & security best practice principles.
Excellent report writing and communication skills for documenting findings and advising on security improvements.
Must have previous experience working in a technical cyber security role.
Strong understanding of network protocols, cryptography, and security vulnerabilities.
Preference given to candidates with OSCP certification.
Preference given to candidates that have recent experience working as a Pen tester or worked in a Red Team type role.
SC clearance (Need to confirm requirement) & CREST Certification would be preferable.
Proficiency with penetration testing tools.
Understanding of OWASP.
Understanding of what APIs are, how they're used and how they can be utilised by an attacker.
Strong stakeholder engagement and relationship management skills.