Senior Security Consultant (Penetration Testing)

At LRQA our focus has always been on excellence in cyber security. We have teams that offer world class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance, and plenty more. Our business is global and so are our clients. We work closely with central banks, central and local government, critical national infrastructure, large retailers, and plenty more besides!

We're an award-winning provider of cyber security services and we're at a very exciting stage of development. We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced. LRQA will be at the forefront of this arena and we want to seek the right people to join the team and make it happen. You can find out more about us at https://www.lrqa.com/en-us/cyber-security-services/.

The Role

There is a new, exciting opportunity for a Senior Security Consultant to join LRQA's existing dynamic Global Penetration Testing Team.

Our security consultants are responsible for leading and delivering their own penetration testing security engagements with our clients. This includes the full lifecycle of an engagement from kick off call, testing, report creation, report delivery to debrief.

What You'll Be Doing

You will:

. Deliver penetration testing against a wide variety of systems. This is the core of the role.

. Lead or support engagement lifecycle activities such as kick-off calls, wrap up calls, status updates and debrief sessions for each penetration test you deliver.

. Produce clear and thorough reports for each engagement that demonstrate technical depth, business impact and continuous improvement through quality assurance reviews.

. Support presales activities by scoping engagements, advising principal security concerns and testing methodology.

. Build strong client relationships and ensure LRQA always delivers professional consultative style engagements.

. Stay current with emerging threats and provide technical analysis of the current IT security related events where applicable.

. Be a continuous learner, keeping up to date on a wide variety of IT Security related skills and industry knowledge.

. Mentor less experienced security consultants where appropriate.

Key Skills & Certifications

There is no single perfect profile. However, strong candidate will demonstrate some or most of the following:

. Hands-on experience in penetration testing.

. Be confident in all three domains or more: web application, mobile application or infrastructure testing.

. You love getting involved in deep technical challenges, while at the same time being able to clearly communicate risk to both technical and non-technical audiences.

. The ability to teach and mentor other members of the team is a distinct advantage it's part of what makes us LRQA!

. You code open-source tools, contribute to security blogs, or participate in CTFs.

. A passion for cyber, a thirst for knowledge and a constant desire to push yourself to the max.

. In depth knowledge and understanding of applications and networking.

. A background in Information Technology, development, networking, system administration is an advantage.

. A specialisation is a distinct advantage, such as cloud penetration testing skills, exploit development, reverse engineering etc.

We value capability over credentials. We're not looking for badge collectors. That said, one or more of the following will serve as a distinct advantage.

. A BSc degree in relevant technical discipline (or equivalent experience).

. CREST Registered Tester (CRT) or CREST Certified Tester (CCT).

. Offensive Security certifications (e.g. OSCP).

. Cloud security certifications (e.g. AWS Security Specialty / Azure AZ-500).

. Broader security certifications (e.g. CISSP / CCSP / CSK).

. Any other relevant penetration testing or IT certification.