Dixons Carphone are hiring a Senior Penetration Tester to work within our Information Security team. Penetration testing is a key activity that provides assurance over the security of the Dixons Carphone (DCG) estate. Within the ever-changing retail market, new systems, projects and designs are consistently required to keep DCG at the forefront of the market. With this comes the challenge of ensuring that these new systems are built and configured in a secure manner and that they do not expose DCG to unnecessary risk. The Senior Penetration Tester is an essential part of this process, providing assurance to the business that potential vulnerabilities are being identified, managed and remediated effectively.
•Identify systems, processes or applications which are potentially high risk and pose a threat to DCG security.
•Schedule and perform internal vulnerability scanning and application testing across the DCG estate.
•Schedule and perform application security penetration and vulnerability testing against applications that are within the scope of DCG compliance requirements.
•Support the ongoing PCI compliance programme with requirement identification and targeted testing in line with PCI guidelines.
•Manage the vulnerability management process for the DCG network perimeter.
•Perform discovery exercises to help develop and maintain the DCG asset inventory.
•Support the scoping and delivery of Red Teaming exercises.
•Manage third-party suppliers who support the delivery of Penetration Testing exercises.
•Identify and address emerging information security threats and their potential impact to DCG, working closely with the Digital Defence team to help mitigate threats.
•Support the refinement and documentation of the above processes to ensure consistency in delivery and continual improvement of the process.
Required Skills & Experience:
•Experience of managing the end-to-end penetration testing and vulnerability scanning processes.
•Knowledge and experience of application testing.
•Strong understanding of various commercial and/or open-source security tools (e.g. Burp Suite, Metasploit, Nessus, Nmap).
•Experience of producing technical reports detailing the outcomes of testing activity.
•Ability to translate technical findings and testing outcomes into language that is accessible to business (and other non-technical) stakeholders.
•Experience of managing the output of penetration testing to deliver remediation, mitigation or risk acceptance requirements.
•Ability to manage and coordinate stakeholders from multiple third-party providers (e.g. managed services, pen testing providers etc.) to deliver to strict project and compliance timelines.
•Experience of working within a large multinational organisation, preferably a retailer or telecommunications provider.
•Educated to Degree level or higher, preferably in a computing, engineering or information security related discipline.
•Security certifications such as CISSP or CISMP are desirable.
•Testing certifications such as CHECK, Tiger or CREST are required.
•Project & Programme Management (e.g. PRINCE2) qualifications beneficial.
It's an exciting time to join us and find yourself a place in our growing success story. Apply now.