Back to Job SearchThe team you'll be working with:
We are looking for a penetration tester lead with hands-on experience. This role is perfect for a CREST Registered penetration tester who is keen to lead testing engagements for a range of interesting clients with our Security Practice.
NTT DATA is one of the worlds largest Global Security services providers with over 7,500 Security SMEs and Integration partner to many of the worlds most recognised Security Technology providers. We strive to hire exceptional, innovative, and passionate individuals who want to grow with us. In a constantly changing world, we work together with our people, clients and communities to enable them to fulfil their potential to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure.
What you'll be doing:
- Lead, manage and deliver CREST-accredited penetration testing engagements.
- Providing high-quality reporting and communicating findings to clients.
- Document test plans, execution plans and Use Cases
- Conducting security research and creating technical content
- Ability to support Security Monitoring (blue team) to ensure tests are adequately detected and responded to appropriately.
- Manage client’s annual penetration testing schedule
- Responsible for Cybersecurity OT & IT Annual Penetration testing lifecycle.
- Responsible for delivering defined volume of pen tests across Application, Infrastructure, Websites, Api’s, O365, Azure, AWS and OT environments.
- Responsible for identifying & tiering OT & IT assets, services & systems to build on the current Tiering system identified in the Discovery phase.
- Prioritisation, detailed planning & scheduling of all Pen Test engagements. Ensuring weekly, monthly & annual testing exercises and scheduled based on Tiering.
- Engage with Product Group owners & internal stakeholders as part of the discovery phase to ensure that there will be no duplications of effort around pre-existing/pre-planned pen test engagements (Application, Infrastructure, Websites, Api’s, O365, Azure, AWS and OT environments)
- Manage Annual Pen test Supplier engagements and relationships.
- Manage all onboarding and offboarding of 3rd party Supplier resources, ensuring they have all required accounts/privilege/physical security badges etc to be able to start their engagement.
- Build and own all required and relevant policies and procedures around pen testing adhering Best Practices & NCSC guidance.
- Review 3rd parties pen test reports, briefing internal stakeholders on findings.
- Capture and document the findings, risks and exceptions and recommend remediation.
- Collaborate with IT and cybersecurity teams to enhance security protocols and remediate finding.
- Tracking progression of remediation tasks. Reporting on a weekly basis to internal stakeholders on progress and any blockers. Building secure Power Bi dashboards to report on progress.
- Update the CMDB with the relevant vulnerabilities. Ensure this is highly secured.
- Provide monthly reporting on remediation activities and track progress to Cybersecurity & I.T Management team.
- Manage the patching regime to remediate the identified pen test vulnerabilities. Confirm with BAU Vulnerability Management team that there is no duplication of effort.
What experience you'll bring:
- Professional penetration testing experience covering one or more of the following domains: OT, networks, API's, web application, Cloud, red teaming and social engineering.
- SC Clearance, or capable of obtaining SC Clearance
- Strong understanding of both OT & IT asset profiles, technology & security best practice principles.
- Strong understanding of network protocols, cryptography, and security vulnerabilities.
- Hold at least an OSCP, CREST CRT or equivalent certification.
- Experience of scoping penetration tests.
- Proficiency with penetration testing tools.
- Strong stakeholder engagement and relationship management
- Excellent written and verbal communication skills.
- Good organisation and time management ability.
In addition, the following would be desirable:
- Breach Attack Simulation
- Vulnerability Management
- Risk Management
- AWS, Azure, GCP security review experience.
- ISO 27001 auditing/implementation experience.
- Other cyber security certifications such as CISM, CISSP, ECSA, CREST CCT.
Who we are:
We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA
what we'll offer you:
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
For more information on NTT DATA UK & Ireland please click here: NTT DATA
We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a Disability Confident Committed Employer - we want to see every candidate performing at their best throughout the job application and interview process, if you require any reasonable adjustments during the recruitment process, please let us know and we look forward to hearing from you.
Service Line Manager
Warren is a seasoned security consulting advisory leader & practitioner, who has worked in the Professional & Consulting Services sector for more than 25 years. Employed by NTT he holds a trusted client advisory & consulting role as well as working in client executive or director level roles, Warren is focused on building, leading & directing corporate security functions, educating client boards & executive management on Information & Cyber Security risks, defining strategies in Enterprise & Service Provider environments, as well as helping clients solve individual Cyber & Info. Sec. challenges. Warren understands business language, identifies key drivers and links this to his extensive experience in enterprise security, strategy & road mapping, audit, and a depth of knowledge in a portfolio of security, risk and privacy / industry methodologies & frameworks; NIST, ITIL, SABSA, TOGAF, COBIT, COSO & ISO to name just a few.
Location
“Upon joining the NTT DATA UK family, you will experience a culturally diverse organisation living our values of Clients First, Teamwork and Foresight as we partner with our customers every day.
At NTT DATA UK, we are proud to support and invest in our people. We offer a variety of rewarding career paths and opportunities to develop professionally - with access to cutting edge innovation.”
Fernando Apezteguia, CEO, NTT DATA UK
