Senior Penetration Tester

Company Description

Ready to make a difference? Experian has evolved into a global tech company and leader in data and analytics. We’re passionate about unlocking the power of data in order to transform lives and create opportunities for consumers, businesses and society. We’re a constituent of the FTSE 30 and for more than 125 years we’ve helped economies and communities flourish – and we’re not done.

Discover the Unexpected - Our 22k amazing employees in 30+ countries believe the possibilities for you, and the world, are growing. We’re investing in the future, through new technologies, talented people and innovation so we can help create a better tomorrow. To do this we employ ‘big-thinkers’ and ‘can-doers’ that share our purpose #uniquelyexperian

Job Description

Role Summary

Experian provides enhanced penetration testing services to our Business Units and Technology Groups across the Globe. This is an exciting opportunity to address the Application and Network environment ensuring to provide our clients confidence in a secure environment that is comprehensively tested to the highest standards. We are looking for a team member who can contribute to building a world class Penetration Testing environment. Our test team will be global to provide follow-the-sun capabilities. Experian will provide comprehensive training and ensure that our team grows its skills to address the needs of an organization that is constantly exploring and utilizing new technologies and solutions to be successful across its extensive global footprint.

Knowledge, Skills and Experience

• High levels of collaboration, communication skills, stakeholder management and teamwork
• Alignment with Experian’s purpose and core values, we look for ‘culture add’
• Knowledge of common pen test and application security tools, such as Kali Linux, Metasploit, Burp Suite, Wireshark, Web Inspect, Network Mapper (NMAP), Nessus and others
• Ideally Industry certifications such as CEH, OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
• Fluent and proficient in English to enable delivery of verbal and written reports and presentations to both technical and executive audiences

Key Responsibilities

• Conduct tactical assessments that require expertise in application security (web and mobile), threat analysis, internal and external network architecture, and a wide array of commercial and custom products
• Configure and safely utilize attack tools, tactics, and procedures against authorized Experian targets
• Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
• Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities, and misconfigurations
• Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage
• Write formal security assessments for each penetration test using our company’s standard reporting format. Participate in conference calls with clients to review assessment results and consult with the clients on remediation options. Retesting security vulnerabilities that have been fixed and republishing reports to indicate the results of retesting

Qualifications

Qualifications

• 5 - 8 years experience -- Network penetration testing and manipulation of network infrastructure, Web application penetration testing assessments, Mobile application penetrating testing assessments, Email, phone, or physical social-engineering assessments
• Developing, extending, or modifying exploits, shell code or exploit tools. Experience with Red, Blue, or Purple teaming exercises
• Proficient in one or more of the following programming languages C, C++, C#, Java, Go AND scripting languages Python, PowerShell, Bash, Ruby
• Experience with network OS, Windows/ *nix/ MacOS, network communications protocols, virtual environments, cloud environments, mobile OS (Android/iOS) and containerized platforms
• Familiarity with defensive technologies such as firewalls, IPS/IDS systems, SIEM, EPP, EDR, UEBA, and data encryption
• Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC)

What you'll bring

undefined

Additional Information

Our uniqueness is that we truly celebrate yours. Experian's culture and people are key differentiators. We take our people agenda very seriously and focus on what truly matters; DEI, work/life balance, development, authenticity, engagement, collaboration, wellness, reward & recognition, volunteering... the list goes on. Experian’s strong people first approach is award winning; Great Place To Work™ in 24 countries, FORTUNE Best Companies to work and Glassdoor Best Places to Work (globally 4.4 Stars) to name a few. Check out Experian Life on social or our Careers Site to understand why.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is a critical part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here