At a Glance
- Tasks: Uncover cyber vulnerabilities through ethical hacking and penetration testing.
- Company: Join Capital One's innovative Offensive Security team.
- Benefits: Hybrid working model, gym access, subsidised meals, and wellness rooms.
- Other info: Collaborative environment with opportunities for career growth.
- Why this job: Make a real impact on cybersecurity while developing your skills.
- Qualifications: Experience in penetration testing and knowledge of security frameworks required.
The predicted salary is between 60000 - 80000 £ per year.
Capital One Offensive Security reduces cyber risk by uncovering vulnerabilities and weaknesses in the enterprise cyber environment through coordinated ethical hacking and penetration testing scenarios. This position works closely with team members to plan, coordinate, execute and report on sophisticated ethical hacking exercises to identify cyber vulnerabilities and reduce the risk posture of enterprise systems.
Location: London or Nottingham – permanent position, hybrid working model (3 days in office, remainder remote).
Responsibilities
- Perform penetration testing of APIs, web applications, networks and cloud services, and related infrastructure.
- Assess Capital One's development practices and help drive corporate security standards.
- Help triage and test application responsible disclosure findings and newly disclosed vulnerabilities.
- Work with developers to improve the Software Development Lifecycle (SDLC) for applications.
- Present findings, risks and conclusions to technical and non‑technical audiences.
- Collaborate closely with the business throughout remediation, influencing stakeholders and delivery teams on prioritization of security activities and issue remediation.
- Establish effective and productive relationships with colleagues across the Global Cyber organization and technology departments.
Qualifications
- Information security experience in red teaming, penetration testing, application security or network security.
- Strong knowledge of Web, API and mobile application security testing frameworks and methodologies.
- Familiarity with penetration testing tools such as BurpSuite, OWASP Zap, SoapUI.
- Strong knowledge of application security best practices including OWASP Top 10.
- Strong understanding of networking concepts, Windows, Linux and Mac operating systems, cloud and web application vulnerabilities and exploitation.
- Experience with threat modelling concepts and frameworks (CVSS, MITRE ATT).
Penetration Tester in Nottingham employer: VELOCITY MOBILE LTD.
At Capital One, we pride ourselves on being an exceptional employer, offering a dynamic work culture that fosters collaboration and innovation in the field of cybersecurity. With a hybrid working model based in vibrant London or Nottingham, employees benefit from a supportive environment that prioritises professional growth, alongside unique perks such as access to state-of-the-art facilities including gyms and mindfulness rooms. Join us to make a meaningful impact while advancing your career in a company that values your contributions and encourages continuous learning.
