Senior Penetration Tester

CyberLens is specialised in cyber security and privacy technologies, with a particular emphasis on Internet of Things (IoT), 5G, artificial intelligence and other data-driven technologies. Our mission is to protect the safety of digitisation and IT/OT convergence in industry, which is critical to the future wellbeing and prosperity of modern society.

As part of the continuous growth and expansion in our activities, we are looking for an outstanding Senior IT/OT Security Engineer who is seeking a new challenge and a unique opportunity to shape the future of cybersecurity for cyber-physical ecosystems. The successful candidate will gain exceptional experience in the planning and delivery of large-scale research and innovation projects at the forefront of technology and will collaborate with some of the biggest names in the industry. Indicative partners of ours in current large-scale projects include, among others; Ericsson, Deutsche Telekom, Nokia, Qualcomm, BMW, FIAT, ATOS, Thales, Altran and Panasonic.

Job Description

We are looking to hire a Senior Red/Purple Team Penetration tester who will contribute to the development of our next-generation threat detection and response platform for Industry 4.0. This position will play a pivotal role in driving our solution forward, as we aim to equip organisations with a paradigm shifting approach to cyber-physical cybersecurity, designed from the ground-up for integrated IT and OT environments.

The most essential duties associated with this position are as follows:

• Lead threat research and penetration testing activities within Cyberlens’ product development team;
• Design and implement threat simulations on PoC testbed(s) which accurately replicate common IT/OT threat behaviours and emerging trends in threat intelligence, utilising the latest security tooling and custom tooling as required;
• Lead the design, development and testing of threat detection and response models based on penetration testing and threat research activities, collaborating with the development team to integrate these capabilities with Cyberlens’ product suite;
• Investigate, document, and report on information security issues and emerging trends, with specific focus on the intersection between IT, OT and IoT threats and vulnerabilities;
• Write blogs, speak at conferences, provide training and presentations to internal teams and external future prospective customer engagements.

Skillset

Essential skills:

• 3 or more years of hands-on experience in a penetration testing / red/ purple team member role;
• Demonstrative ability to accurately interpret Threat Intelligence and other open source material (technical blogs, reports etc.) to form and implement realistic simulated attack scenarios;
• Ability to define remediation approaches to attack vectors and work with developers to design and develop detection models and threat indicators;
• Proficiency in scripting (e.g., Python, Go);
• Proficiency in analysing PCAP data or network logs to identify threat activity in common protocols used across IT and OT environments;
• Broad knowledge of offensive and defensive cyber techniques;
• Demonstrative passion for Cybersecurity (HacktheBox, CTFs etc.);
• Ability to prioritise and complete multiple tasks with minimum supervision;
• Ability to work independently or as part of a collaborative team effort.

Desirable skills:

• Understanding of and experience in using the ATT&CK Framework (Enterprise or ICS);
• OSCP Certified
• SANS or CREST Certified;
• Strong understanding of network security concepts;
• Comfortable providing training and presentations, writing technical blogs and public speaking at premier cybersecurity conferences.

Offer

• Depending on your knowledge and experience, a gross fee indication between £63,000 – £73,000 annually on the basis of a 40-hour working week;
• A professional, high-tech working environment;
• Opportunity to grow in a rapidly growing start-up.