About The Role

The Continuous Security Testing service is a consultant led vulnerability identification and verification service which makes use of automated vulnerability scanning along with significant manual testing against a broad scope in a continuing engagement. The purpose of the service is to continually monitor a customer\xe2\x80\x99s external attack surface for new vulnerabilities, changes in the scope of the attack surface, and proactively inform customers of discovered issues along with recommended remediation; with the overall aim of reducing the lifetime of each vulnerability. Manual testing includes identification of issues which automation alone could not identify, exploitation of all issues, often chaining multiple findings together in order to determine the true impact of vulnerabilities for the customer.

• Pre-engagement activities including scoping of assessments and statements of work and determining customer requirements and restrictions.
• On boarding customers into the service including configuration of continual scanning and liaising with customer to resolve issues which may reduce the effectiveness of scanning.
• Monitoring of the customers\xe2\x80\x99 external perimeter for changes, and proactive discovery of new targets to include within the customer\xe2\x80\x99s scope.
• Manual identification and exploitation of vulnerabilities.
• Manual verification and exploitation of scanner findings.
• Detailed analysis of issues identified and exposure for the customer including proof of concept, reproduction steps, and recommended remediation.
• Communication of findings to the customer in a detailed, accurate and manageable manner both orally and through written vulnerability/scope notifications and periodic summaries.
• Assisting in the continual development of the team and service through research and development activities. This includes the development of in-house tools the implementation of tools released to the community, and design and documentation of new and existing internal systems and processes.
• Continual professional development to maintain and develop knowledge and technical competencies.
• Maintain professional technical qualifications to demonstrate competency to our clients.
• Contributing to the writing and publishing of whitepapers and advisories.
• Undertaking projects and support tasks as appropriate to the role.

About You

Essential Technical:

• Core computing skills including but not limited to:
  • Networking fundamentals \xe2\x80\x93 understanding of OSI Model, TCP/IP, HTTP, DNS, SMB, SMTP and relevant tools.
  • Microsoft Windows and Office proficiency along with proficiency in one or more Linux distributions.
• Strong knowledge of web application technologies and security assessment including but not limited to:
  • REST APIs, SOAP APIs, XML and JSON formats.
  • Vulnerability identification and exploitation (not limited to OWASP Top 10).
  • Experience with common assessment tools such as MITM proxies (e.g. Burp Suite Pro) and SQLMap.
• Good knowledge of internal and external infrastructure technologies and security assessment including but not limited to:
  • Identification and exploitation of misconfigurations or known vulnerabilities in common enterprise infrastructure and services (Windows Domains, Linux servers, virtualisation, databases, switches/routers, etc).
• Knowledge of a scripting language such as Python (preferred), Ruby, PowerShell, or Bash, for the development of new, or editing existing, tools.

Essential Experience:

• Providing remediation advice
• Producing accurate technical reports
• Working under pressure of deadlines and structuring workload accordingly
• Problem-solving, helping others to understand complex ideas

Essential General:

• Client facing, able to confidently and professionally represent the company
• Must be self-motivated and able to work in an independent manner as well as part of a team
• Excellent written and oral communications skills
• Positive, collaborative and enthusiastic
• Appetite to shadow, train and develop to improve capabilities into all areas of security testing

In addition, the following are highly desirable:

• CEH, OSCP, OSWE or equivalent reputable information security certifications
• Familiarity with testing cloud environments
• Public speaking experience

About Us

About Claranet Founded at the beginning of the dot.com bubble in 1996, our CEO Charles Nasser had a light bulb moment to develop a truly customer-focused IT business. Since then, Claranet has grown from an Internet Service Provider (ISP) in the UK to being one of the leading business modernisation experts, who deliver solutions across 11+ countries. At Claranet, we\xe2\x80\x99re experienced in implementing progressive technology solutions which help our customers solve their epic business challenges. We\xe2\x80\x99re committed to understanding their problems, delivering answers quickly, and making a lasting impact to their business. We are agile, focused and experienced in business modernisation. Our approach helps customers make genuine, significant shifts in their business strategy, to deliver financial savings, boost innovation, and create a resilient business. We continually invest in our people and the latest technologies, so our customers get peace of mind knowing that they have access to the best talent and services. In the UK we have over 500 staff working in London, Gloucester, Warrington, Bristol, and Leeds, or as homeworkers. Working For Claranet Here at Claranet we pride ourselves on going the extra mile for and with our employees (yes, we really mean it). We offer an extensive benefits package that you can tailor to your needs, inclusive of a matching contribution pension scheme, healthcare, insurance, dental, discounted gyms and app supported benefit access. But what we think makes us different is \xe2\x80\x98Team Claranet,\xe2\x80\x99 our dedicated internal part of the business that supports you with matters close to your heart. We proudly support local charities in each of our office locations, support employees with paid charity leave, organise key charity fundraising event per year and have a dedicated committee responsible for supporting employee\xe2\x80\x99s fundraising efforts. Claranet are one of the 10 founding members of TC4RE (Technology Community for Racial Equality.) Being a part of a group of leading UK technology organisations, we are dedicated to building a more diverse and inclusive workforce. We are also very proud members of Tech Talent Charter, a government supported, industry-led membership group created to address the UK\xe2\x80\x99s tech talent shortage and diversity gap through collective action. Our Vision Our vision is to become the most trusted technology solutions partner; renowned for being the best and brightest, having lasting impact with our customers and delivering exceptional returns to our stakeholders. Position Summary The primary function of the Penetration Tester in the CST team is to continually review the customers\xe2\x80\x99 defined scope for vulnerabilities, identify additional targets that should be included in the scope, and report these to the client in a timely, accurate, and comprehensive manner. The Penetration Tester is also responsible for pre-engagement activities including scoping, statements of work, working with customers to determine their testing requirements and restrictions, on boarding customers into the service and contribute to the service improvement and further development. Role Mission Claranet\xe2\x80\x99s strategy is to build long-term, trusted relationships with its customers by delivering market-leading, integrated managed services. We are seeking highly driven and aspirant penetration testing consultants to conduct a broad range of specialist engagements.