AddressOverview
As a Penetration Tester you will perform formal and comprehensive penetration testing assessments, with a focus on containerisation, container orchestration/infrastructure and applications in general. This includes producing full written reports to appropriate standards and within agreed deadlines. In addition, you will support with client pre-engagement activities, including scoping and proposal drafting, as well as researching for relevant vulnerabilities, following responsible disclosure, and sharing such findings within the team.
Please Note: Due to the nature of our work this role will require client site visits.
Responsibilities
- This role will be focused on performing comprehensive technical assessments on the security posture of container supported/driven environments (such as Kubernetes & Docker etc); including application penetration tests, where appropriate and required;
- Provide well-written, concise, technical and non-technical reports in English;
- Perform vulnerability assessments and provide findings with remediation actions;
- Support with various client pre-engagement interactions, including scoping activities and proposal drafting;
- Manage and deliver penetration testing project activities within strict deadlines;
- Assist in scoping calls and discussions with customers to ensure that client needs are met;
- Any other appropriate job duties in line with the associated skill and experience of the post holder.
Skills and experience required
- Strong ability to review the configuration of container-based environments and identify security risks and misconfigurations;
- Strong knowledge in container engines, orchestration technologies and popular managed cluster services (such as Docker, Kubernetes, EKS, GKS, AKS etc.);
- Strong ability to review container orchestration architecture designs & supporting diagrams, providing consultation and guidance to bring solutions in line with best security practices. This includes multi-tenanted environments;
- Strong understanding of various network control, hardening and RBAC permissions policies & technologies for container environments (such as PSP, PSS, RBAC, HELM, Cilium, Calico, Gatekeeper etc.);
- Ability to identify and exploit privilege escalation vectors and lateral movement possibilities in container-based environments;
- Good understanding of container security best practice principles and industry standards (i.e CIS);
- Good understanding of compliance standards and how they can be adhered to in container environments (i.e PCI/DSS and the relevant segmentation required);
- Experience with container security assessment software & relevant command line tools/APIs to obtain information programmatically;
- Experience in building or expanding existing container security tooling;
- Proven industry experience in penetration testing held in a similar role;
- Strong understanding of OWASP, PTES and other penetration testing methodologies;
- Strong knowledge in testing web applications & APIs;
- Knowledge of how modern web apps are designed, developed and deployed across different platforms;
- Relevant security qualifications (such as OSCP, CREST);
- Good knowledge and understanding of network and OS architectures (32-bit & 64-bit).
Nice to Have
- Working knowledge of creating/building container-based environments;
- Knowledge of 3rd party authentication & user management strategies that integrate with containers (such as cloud SSO/OAUTH);
- Knowledge in testing mobile applications (iOS/Android);
- Container security blog posts & research
Personal Attributes
- Excellent spoken and written communication skills with strong attention-to-detail and accuracy;
- A passion for security and networks;
- Analytical and problem-solving skills with a can-do attitude and the ability to think laterally;
- Self-motivation with a commitment to continued development;
- Ability to work independently and as part of a team;
- Influencing and negotiation skills with the ability to build relationships at all levels;
- Willingness to learn.
Benefits
- 25 days annual holiday;
- An additional day’s annual holiday for your birthday;
- Company Pension contribution;
- Subsidized gym membership;
- Perkbox employee benefits platform;
- Frequent team events;
- Private Healthcare (individual cover only);
- Learning Allowance Benefit – a reimbursable benefit of £100 per annum (or equivalent) for you to spend towards your personal career development;
- Flexible working policy.
Company Overview
Bulletproof is a trusted provider of innovative cyber security and people-powered solutions. Our cyber security services are the best way to stay ahead of the hackers, take control of infrastructure and protect business-critical data.
With our own in-house UK Security Operations Centre (SOC) and years of industry experience, we help to protect our customers from current and emerging security threats. We provide a full spectrum of cyber security services including CREST-certified penetration testing, 24/7 threat monitoring, compliance support and security training to help organisations protect against today’s evolving threat landscape.
Strictly No Recruitment Agencies; any submission of resumes without prior request / engagement from Bulletproof Cyber Security will not be deemed as an introduction and therefore will not warrant an introduction fee.
