Ethical Security Tester
Date: 24-May-2023
Location: Malvern, England, GB
Company: QinetiQ
Role purpose
Provide application and infrastructure security testing, and contribute to development of “Red Teaming” and Advanced Intrusion Testing services
Key accountabilities
- Undertake CHECK and non-CHECK security testing work for customers
- Work as part of a CHECK and non-CHECK testing team supporting a Team Leader
- Research & develop new attack techniques that support and enhance QinetiQ security testing capability
- Propose mitigations for identified vulnerabilities
- Write reports of security testing engagements for customers
- Scope, estimate and bid customer engagements
Key capabilities/Knowledge
- Able to use tools such as NMAP, Nessus, Burp Suite and Cobalt Strike.
- Able to interpret results of scanners and suggest next steps to investigate potential vulnerabilities.
- Able to assess operating systems for vulnerabilities.
- Able to contribute “Red Teaming” and Advanced Intrusion Testing skills including design, development and delivery of advanced adversarial techniques (e.g. including social engineering)
- Able to do independent research and devise new and novel attack methods that contribute to and enhance QinetiQ security testing capability
- Able to document and suggest recommendations to mitigate identified vulnerabilities
- Able to create and contribute to end-of-testing reporting for the client
- Able to scope, estimate and bid client engagements
- Able to technically support High Assurance engagements under the direction of the CHECK Team Leader or technical lead
- Understand computer network (including TCP/IP) fundamentals and common high level protocols
- Understand operating systems
- Understand web application technologies
- Understand protocols and communication sequences expected for a number of technologies (e.g. DNS server, network devices).
- Understand laws and legal frameworks for security (aka penetration) testing
- Advanced knowledge of issues and vulnerabilities related to either Infrastructure or Applications
- Understand ‘red teaming’
- Understand the inherent risks of working with simulated attack technology & techniques and how to work responsibly and protect the knowledge & capability effectively
Experience and qualifications
Essential
- Minimum 18 months' experience delivering security testing services as a qualified (CREST, Tiger, Cyber Scheme, CHECK) tester to customers, either focused on Infrastructure or Applications
- CREST Practitioner Security Analyst (CPSA) & CREST Registered Tester (CRT) or TIGER Qualified Security Team Member (QSTM) or Cyber Scheme Team Member (CSTM)
- High personal integrity and clear ethical values expected of professional security testers
- UK SC or higher security clearance
Desirable
- CHECK Team Member
- Offensive Security PEN-210, PEN-300, WEB-300
- CompTIA Pentest+
- Membership of CIISec or equivalent
Please note that all applicants must be eligible for SC clearance as a minimum.
UKSV National Security Vetting Solution: guidance for applicants - GOV.UK (www.gov.uk)
Why join QinetiQ?
As we continue to grow into new markets around the world, there’s never been a more exciting time to join QinetiQ. The formula for success is our appetite for innovation and having the courage to take on a wide variety of complex challenges.
You’ll experience a unique working environment where teams from different backgrounds, disciplines and experience enjoy collaborating widely and openly as we undertake this exciting and rewarding journey. Through effective teamwork, and pulling together, you’ll get to experience what happens when we all share different perspectives, blend disciplines, and link technologies; constantly discovering new ways of solving complex problems in a diverse and inclusive environment where you can be authentic, feel valued and realise your full potential. Read more about our diverse and inclusive workplace culture here.
Joining QinetiQ offers you an opportunity to work on a broad range of interesting defence-based projects with vast career progression across a global organisation in addition to competitive personal and professional benefits. You’ll receive a highly competitive salary and benefits package: our basic salaries are very attractive as we constantly review what’s happening in the market. The range of benefits that we offer includes adaptive and flexible working, generous holiday entitlements, Health Cash Plan, Private Medical Insurance and Dental Insurance and much more.
About QinetiQ
As a company of over 6,000 dedicated professionals, we are a world-centre of excellence in research and development and act as a catalyst for fast-track innovation, offering outstanding experimentation facilities, and technical, engineering and scientific expertise. QinetiQ is made up of dedicated experts in defence, aerospace, security and related markets, all working together to explore new ways of protecting what matters most. Being part of QinetiQ means being central to the safety and security of the world around us. Partnering with our customers, we help to save lives; reduce risks to society; and maintain the global infrastructure on which we all depend. Come and find out how you can play a role.
Please note that many roles in QinetiQ are subject to national security vetting. Applicants that already hold the appropriate level of vetting may be able to transfer it upon appointment, subject to approval. A number of roles are also subject to restrictions on access to information that mean factors such as nationality, previous nationalities held and the country in which you were born may have an effect on the roles that you can be employed in.