Security Analyst

Manchester, United Kingdom

Job Description


Advantio is a leading Cyber Security and Managed Security Services (MSS) provider that helps businesses fight Cybercrime, protect data and reduce security risk. Offering a comprehensive portfolio of Cyber Security Advisory & Testing Services, Managed Security Services, Technology Solutions and Cyber Security Education, Advantio is the security partner of choice for many large corporate enterprises globally covering a wide range of industries including but not limited to banking, insurance, gambling, travel, retail, telco, oil & gas and public sector bodies. Advantio primarily serves the Payment Card Industry and when it comes to payment transactions, has been recognised by VISA as one of Europe’s top Qualified Security Assessor (QSA) providers.
For more information about Advantio, visit https://www.advantio.com
Role

Due to our continued expansion we now have an immediate opening for a Security Penetration tester. A successful candidate will ensure delivery and enhancement of various security services (application, infrastructure and social engineering security assessments, segmentation testing) and will manage delivery of such services such as ASV scanning and vulnerability scanning provided to Advantio’s customers.
Responsibilities:

ASV management


  • Define vulnerability scanning and ASV scanning scoping in cooperation with clients, Service Delivery Team and QSAs.
  • Prepare vulnerability scanning authorization agreement forms along with the Service Delivery Team.
  • Network connection troubleshooting.
  • Execute the scanning in accordance with the authorization form dates, times and targets on infrastructure, application and segmentation level as purchased by the client.
  • Considering clients’ comments and justifications regarding vulnerabilities statuses.
  • Validate findings and filter false-positives.
  • Perform clients consulting regarding on-going activities.

Penetration Testing
Scanning, vulnerability identification and attempt of exploitation:
  • Execute the testing in accordance with the authorization form dates, times and targets on infrastructure, application and segmentation level as purchased by the client.
  • Perform infrastructure testing that includes network scanning (network sweeping and tracing, port scanning, operating system fingerprinting, services’ version scanning, vulnerability scanning, manual assessment of the environment based on the results of service detection and vulnerability scanning steps).
  • Perform manual application testing with the ultimate goal of obtaining passwords, sensitive data or administrator privileges on the application.
  • Perform code review or reverse engineering of client Mobile Applications (iOS/Android)
  • Perform segmentation testing in order to prove that firewalls and other networking devices are properly configured.
  • Perform clients consulting regarding on-going activities.

Report Generation

  • Write a report in accordance to internal reporting methodology, report template and report generation tool with further submitting to Technical Reviewer and QA Team for review prior to client distribution.
  • Ensure to include in the report the vulnerabilities identified together with their ratings, their impact, recommendations and evidences in the form of screenshots, logs or commands executed to detect the vulnerabilities and how to fix them (where possible).
  • Retest vulnerabilities following remediation by the customer and write a remediation report.

Methodology development and professional updates

  • Study, Research, Test security tools, solutions and techniques that can help improve Advantio’s process in terms of quality, efficiency and breadth of supported target types.
  • Work on improvements of existing methodology materials and supporting assets for provided security services.
  • Review and define requirements for information security solutions

Knowledge and Skills
. Minimum 2 years experience in the relevant field
  • Operating Systems (Linux, Unix, Windows, OS X, iOS, Android)
  • Security principles, techniques and technologies (OWASP, NIST. SANS. etc.)
  • Network protocols, design and operations
  • Cryptography principles
  • Vulnerability and threat management
  • Principles and technique of ethical hacking
. Understanding of ASV process and requirements. . ASV certification in previous (nice to have).
  • Vulnerabilities research and bug hunting experience
  • Experience in Cloud pentesting projects (AWS, GCP, Azure etc)
  • Security tools and products (Nessus, Qualys, Nexpose, Burp Suite Pro, Acunetix WVS, Owasp ZAP, Wireshark, Nikto, Metasploit, etc.)
  • Identification, analysis and exploiting of logical flaws
  • Malware Analysis and Reverse Engineering (beneficial but not a must)
  • Mobile Application Reverse Engineering (Android, IOS) (beneficial but not a must)
  • Scripting and programming languages (e.g. C, C#, C++, Java, J2EE, BASH, Python, PHP)
  • One or more databases such as MySQL, Oracle Database, SQL Server, MongoDB
  • Web and/or mobile application programming
  • Experience with SAST tools (Checkmarx CxAST, HP Fortify, IBM AppScan, SonarQube)
  • Understanding and experience in SDLC and S-SDLC processes
  • Offensive Security or e-Learnsecurity Certifications are desirable
  • Fluency in English language as a must

Values and Competencies

  • Problem solving (Analysis, Problem setting, decision making)
  • Result orientation (Solutions delivery, work under time pressure)
  • Planning and organization (time management, scheduling and control, optimizing resources)
  • Lateral thinking

Advantio core values:

  • Harmony, always strive to create harmony
  • Openness, always be open
  • Social responsibility, be socially responsible
  • Timeless, whatever you build make it timeless
  • Accommodating, make our customers feel at home
  • Learning, be a learn it all
  • Delivering results

Beware of fraud agents! do not pay money to get a job

MNCJobs.co.uk will not be responsible for any payment made to a third-party. All Terms of Use are applicable.


Related Jobs

Job Detail

  • Job Id
    JD1908572
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Manchester, United Kingdom
  • Education
    Not mentioned