Principal Ethical Security Tester
Date: 06-Mar-2023
Location: Malvern, England, GB
Company: QinetiQ
Role- Principal check team lead GG13
Able to lead multi-part, multi-site engagements, leading a larger team of testers. Able to assist in the development of new methodologies and services. You will be required to achieve UK security clearance.
Role accountability
- Will lead and direct CHECK and non-CHECK engagements, and lead the testing team on engagements, acting as primary customer contact
- Hold responsibility for the conduct and actions of the test team, and allocate and co-ordinate work within the team during any customer engagements
- Lead customer engagements to scope and estimate effort for up and coming EST engagements
- Provide career guidance and mentoring for junior team members, and support where required, recruitment of new team members
- Design, plan and implement technical capabilities for the improvement of the Ethical Security Team capabilities
- Lead EST engagement with the wider QinetiQ Cyber Security capabilities across the business; based on the needs of the wider QinetiQ business
Technical capability
- Ability to use basic tools such as NMAP, Nessus and Burp Suite.
- Can interpret results of scanners and suggest next steps to investigate potential vulnerabilities.
- Can assess operating systems for vulnerabilities.
- Ability to document and suggest recommendations for identified vulnerabilities for EST test reports
- Propose, manage and deliver research projects across a broad technical footprint.
- Provide legal and regulatory understanding to the team.
- Lead and develop High Assurance methodology, tradecraft on behalf of the business
Knowledge
- Understand computer network (including TCP/IP) fundamentals and common high level protocols
- Understanding of operating systems
- Understanding of web application technologies
- Understanding of protocols and communication sequences expected for a number of technologies (e.g. DNS server, network devices).
- Understands laws and legal frameworks for Penetration Testing, and manage the correct application of laws, regulations and required ethical standards
- Advanced knowledge of issues and vulnerabilities related to both Infrastructure and Applications.
- High Assurance: - Direct and lead technical support on high assurance engagements, planning and taking responsibility for the delivery of operations in a safe, legal and ethical manner.
Experience
- 7+ years in Penetration Testing and/or similar security disciplines.
Qualifications
- CREST CCT (Infra) and CCT (Apps) OR
- TIGER Senior Security Tester (SST) (Infra) and TIGER Senior Security Tester (SST) (Apps)
- CyberScheme Team Leader (CSTL Inf) and CyberScheme Team Leader (CSTL App). If you only have one, willing and likely to qualify for the other qualification
- CHECK Team Leader (or eligible to become one)
- Additional qualifications in Cloud (GIAC Cloud Penetration Tester), SCADA/OT, CSAS or CSAM would be desirable
Why join QinetiQ?
As we continue to grow into new markets around the world, there’s never been a more exciting time to join QinetiQ. The formula for success is our appetite for innovation and having the courage to take on a wide variety of complex challenges.
You’ll experience a unique working environment where teams from different backgrounds, disciplines and experience enjoy collaborating widely and openly as we undertake this exciting and rewarding journey. Through effective teamwork, and pulling together, you’ll get to experience what happens when we all share different perspectives, blend disciplines, and link technologies; constantly discovering new ways of solving complex problems in an diverse and inclusive environment where you can be authentic, feel valued and realise your full potential. Read more about our diverse and inclusive workplace culture here.
Joining QinetiQ offers you an opportunity to work on a broad range of interesting defence-based projects with vast career progression across a global organisation in addition to competitive personal and professional benefits. You’ll receive a highly competitive salary and benefits package: our basic salaries are very attractive as we constantly review what’s happening in the market. The range of benefits that we offer include, adaptive and flexible working, generous holiday entitlements, Health Cash Plan, Private Medical Insurance and Dental Insurance and much more.
About QinetiQ
As a company of over 6,000 dedicated professionals, we are a world-centre of excellence in research and development and act as a catalyst for fast-track innovation, offering outstanding experimentation facilities, and technical, engineering and scientific expertise. QinetiQ is made up of dedicated experts in defence, aerospace, security and related markets, all working together to explore new ways of protecting what matters most. Being part of QinetiQ means being central to the safety and security of the world around us. Partnering with our customers, we help to save lives; reduce risks to society; and maintain the global infrastructure on which we all depend. Come and find out how you can play a role.
Please note that many roles in QinetiQ are subject to national security vetting. Applicants that already hold the appropriate level of vetting may be able to transfer it upon appointment, subject to approval. A number of roles are also subject to restrictions on access to information that mean factors such as nationality, previous nationalities held and the country in which you were born may have an effect on the roles that you can be employed in.