At a Glance
- Tasks: Uncover cyber vulnerabilities through ethical hacking and penetration testing.
- Company: Join Capital One's dynamic Offensive Security team.
- Benefits: Competitive salary, flexible work options, and career growth opportunities.
- Other info: Collaborative environment with opportunities to influence security practices.
- Why this job: Make a real impact in cybersecurity while working with cutting-edge technologies.
- Qualifications: Experience in penetration testing and strong knowledge of security frameworks.
The predicted salary is between £55,000 and £65,000 per year.
About the role
Capital One Offensive Security reduces cyber risk by uncovering vulnerabilities and weaknesses in the enterprise cyber environment through coordinated ethical hacking and penetration testing scenarios. This position works closely with team members to plan, coordinate, execute and report on sophisticated ethical hacking exercises that identify cyber vulnerabilities and reduce the risk exposure of enterprise systems. This role will be primarily responsible for performing application and network security assessments and will make recommendations to management on effective countermeasures. The successful candidate will be part of an exciting and dynamic environment, building and delivering industry-leading ethical hacking capabilities to continuously protect and defend Capital One's brand, systems and data. Offensive Security is part of the Cyber Operations and Intelligence program; it helps identify opportunities to enhance Capital One's information security posture against a broad range of cyber threats and develops strategies to address those threats most effectively. This position is to be located in either London or Nottingham.
What you’ll do
- Perform penetration testing of APIs, web applications, networks, and cloud services, as well as related applications and infrastructure.
- Assess Capital One’s development practices and help drive corporate security standards.
- Help triage and test application responsible disclosure findings and newly disclosed vulnerabilities.
- Work with developers to improve the Software Development Lifecycle (SDLC) for applications.
- Present findings, risks and conclusions to technical and non-technical audiences.
- Collaborate closely with the business throughout remediation including influencing stakeholders and delivery teams on prioritization of security activities and issue remediation.
- Establish effective and productive relationships with colleagues across the Global Cyber organization and technology departments as well as the UK business.
What we’re looking for
- Information security experience in one or more of the following areas: red teaming, penetration testing, application security, or network security.
- Strong knowledge of Web, API and mobile application security testing frameworks and methodologies.
- Familiarity with penetration testing tools such as Burp Suite, OWASP ZAP, SoapUI, etc.
- Strong knowledge of application security best practices including OWASP Top 10.
- A strong understanding of networking concepts; Windows, Linux and Mac operating systems; and cloud and web application vulnerabilities and exploitation.
- Experience with threat modeling concepts and frameworks (CVSS, MITRE ATT&CK, DREAD, or STRIDE).
- Technical knowledge in software engineering, system and network security, authentication and security protocols, cryptography, and network/web related protocols (e.g., TCP, UDP, HTTP, HTTPS).
Any of these would be advantageous (but we'd still love to hear from you)
- Bachelor's degree or equivalent certification.
- Security testing of cloud environments. We’re invested with AWS but will consider those who have worked on any other major public cloud provider (Azure, GCP).
- Experience in offensive security tool development, customization or expansion.
- Ability to code comfortably in one or more interpreted languages (e.g. Python, Bash, PowerShell, Perl, Ruby) and one or more compiled languages (e.g. C, C++, C#, Golang, Rust, Java, Objective-C).
- Penetration testing experience with Internet of Things (IoT) devices, mobile applications, or code review.
- One or more of the following certifications (OSCP, OSCE, GPEN, GXPN, CRTO, CREST Certified Simulated Attack Manager).
Penetration Tester employer: Capital One
At Capital One, we pride ourselves on being an exceptional employer, offering a vibrant work culture that fosters collaboration and innovation in the field of cybersecurity. Our London and Nottingham locations provide a dynamic environment where employees can thrive, with ample opportunities for professional growth and development in ethical hacking and penetration testing. We are committed to investing in our team members, ensuring they have access to cutting-edge tools and resources to enhance their skills while contributing to the protection of our brand and systems.
StudySmarter Expert Advice🤫
We think this is how you could land Penetration Tester
✨Network Like a Pro
Get out there and connect with folks in the industry! Attend meetups, conferences, or even online webinars. The more people you know, the better your chances of landing that Penetration Tester role.
✨Show Off Your Skills
Create a portfolio showcasing your penetration testing projects. Whether it's a blog, GitHub repo, or even a personal website, let your work speak for itself. This is your chance to shine and show potential employers what you can do!
✨Ace the Interview
Prepare for technical interviews by brushing up on your knowledge of tools like Burp Suite and OWASP ZAP. Practice explaining your thought process when tackling security assessments, as communication is key in this field.
✨Apply Through Us!
Don't forget to apply through our website! We’re always on the lookout for talented individuals who are passionate about offensive security. Plus, it’s a great way to get noticed by our hiring team.
We think you need these skills to ace Penetration Tester
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Penetration Tester role. Highlight your experience in ethical hacking, penetration testing, and any relevant tools you've used. We want to see how your skills match up with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about offensive security and how you can contribute to our team. Be sure to mention specific experiences that relate to the job description.
Showcase Your Technical Skills: In your application, don't forget to showcase your technical skills, especially around web, API, and mobile application security. Mention any frameworks or methodologies you're familiar with, as this will help us see your fit for the role.
Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It's super easy, and you'll be able to submit all your documents in one go. Plus, we love seeing applications come directly from our site!
How to prepare for a job interview at Capital One
✨Know Your Tools
Familiarise yourself with penetration testing tools like Burp Suite and OWASP ZAP. Be ready to discuss how you've used these tools in past projects, as well as any custom scripts or modifications you've made to enhance their functionality.
✨Understand the Frameworks
Brush up on security testing frameworks and methodologies, especially the OWASP Top 10. Be prepared to explain how these frameworks guide your testing process and how you apply them to identify vulnerabilities effectively.
✨Communicate Findings Clearly
Practice presenting your findings to both technical and non-technical audiences. Use clear, jargon-free language when explaining risks and recommendations, as this will demonstrate your ability to collaborate with diverse teams.
✨Showcase Your Experience
Be ready to share specific examples of your experience in red teaming, application security, or network security. Highlight any relevant projects where you successfully identified and mitigated vulnerabilities, and discuss the impact of your work on the overall security posture.