Penetration Testing (CREST / CHECK) in London

Goaco is looking to build a team to continue solving problems using software and technology for our clients. We are developers at heart – and by the mind too. We thrive on challenges and live for logical thinking. Formed over a decade ago, we have built on our successes, all of whom have benefitted from their level-headed software solutions. The team is all like-minded individuals, with a drive to succeed in their own fields.

ROLE OBJECTIVE

We are seeking a highly skilled Penetration Tester with a strong background in penetration testing and network security. This role is ideal for a cybersecurity professional with experience in identifying, assessing, and mitigating security risks across various platforms. The candidate will play a critical role in evaluating and strengthening our clients' cybersecurity postures by conducting in-depth security assessments, vulnerability analysis, and developing comprehensive security strategies. The successful candidate will work closely with the Global Director of Cyber Security to grow and develop the Penetration Testing capability here at Goaco, fostering a culture of technical excellence and high calibre outcomes.

Responsibilities

• Conduct comprehensive penetration tests, vulnerability assessments, and security audits to identify risks and ensure compliance with industry best practices.
• Provide expert recommendations and solutions to mitigate identified vulnerabilities, enhancing client systems' security postures.
• Investigate alerts and suspicious activity to determine if an incident has occurred.
• Contain affected systems and networks to prevent the incident from spreading.
• Implement temporary measures to mitigate the impact of the incident.
• Work with other teams, such as IT and security operations, to develop and implement a containment strategy.
• Analyse incident data to determine the root cause of the incident and identify recommendations for improvement.
• Document and report incidents to the incident response team and other relevant stakeholders.
• Develop and implement security plans, policies, and training to prepare the organization to respond efficiently and effectively to cyber threats.
• Travel to various client locations when required (potential international travel) and deliver high quality solutions (e.g. OT testing or other IT services).
• Collaborate with client teams to develop, document, and implement security policies, standards, and guidelines aligned with industry standards (e.g., ISO 27001, NIST).
• Assist in the deployment, configuration, and management of security infrastructure and technologies, including firewalls, intrusion detection/prevention systems, and secure network architectures.
• Provide guidance and support on Azure security practices, leveraging expertise in Microsoft Azure security frameworks and best practices.
• Stay updated with the latest cybersecurity threats, trends, and regulatory changes, proactively advising clients on necessary adjustments to their security strategies.
• Produce detailed and accurate reports on penetration testing findings, including risk levels, remediation steps, and strategic recommendations.

Experience

• Minimum of 4+ years of experience in cybersecurity, specifically in penetration testing and incident response, vulnerability management, and risk assessment.
• Public Sector experience, ideally MOD, MOJ.
• Must be SC clearable.
• Proven hands-on experience with tools such as Metasploit, Burp Suite, Nessus, and Wireshark.
• Strong understanding of network protocols, firewall configurations, and secure network design.
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) to automate tasks and streamline processes.
• Hands-on experience of vulnerability assessments, incident response, penetration testing, threat hunting and compromise assessment.
• Experience collaborating with Sales teams as a pre-sales cyber security consultant.
• Experience working in Energy or Construction industry projects is a plus.
• Experience in writing technical proposals along with other teams to deliver robust statement of works for client sign off.
• Certifications CCNP/CCNA is nice to have.
• CREST/OSCP is nice to have.
• Microsoft and/or other cloud providers.

Skills

• Working knowledge of cloud security architecture, specifically within Azure (or other Cloud platforms).
• Familiarity with security frameworks and compliance standards such as NIST, GDPR, PCI-DSS, DESC ISR.
• Strong problem-solving skills, with the ability to think creatively to solve complex security challenges.

Benefits

• Competitive Salary: Base salary commensurate with experience, plus performance-based incentives.
• Career Progression: Clear pathways for career development and progression within the company.
• Training & Development: Ongoing training and development opportunities to help you grow in your role.
• Supportive Culture: Join a collaborative, friendly, and ambitious team that values work-life balance.