Senior Penetration Tester

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive.

Your day at NTT DATA

The Senior Penetration Tester is an advanced subject matter expert responsible for assessing and evaluating the security posture of the company's information systems, networks, applications and infrastructure.

This role involves conducting rigorous and complex penetration testing and ethical hacking activities to identify vulnerabilities and potential weaknesses for exploitation.

This role collaborates with cross functional teams and provides strategic security recommendations and assists in strengthening the organization's overall cybersecurity defenses.

The Senior Penetration Tester serves as a mentor to junior members and is highly experienced in relevant exploits, tooling, exploit writing and is a pivotal role in the company's continuous assessment program.

What you'll be doing

Key Responsibilities:

• Plans, executes and manages complex penetration testing engagements on various IT assets, including networks, applications and databases.
• Conducts simulated cyber-attacks, including social engineering, to identify vulnerabilities and assesses the organization's resilience to cyber threats.
• Performs penetration tests against internal and external facing systems.
• Analyzes and interprets penetration test results and provides detailed reports to relevant stakeholders.
• Provides input to improve the quality and effectiveness of tests in a highly scaled and global environment.
• Articulates complex technical risks through creation of reports and delivering presentations to key stakeholders.
• Works with Security DevOps teams to test the orchestration and automation processes and platforms, feed results into a testing program.
• Supports the assessment risk and the development and/or recommends appropriate mitigation countermeasures based on empirical testing.
• Provides comprehensive technical expertise with web, application and database vulnerability testing.
• Supports the development of the security automation framework and the implementation roadmap.
• Provides actionable security recommendations and mitigation strategies to address identified vulnerabilities.
• Ensures that penetration testing activities align with relevant industry standards, compliance regulations, and best practices and to ensure program integrity and independence within the organization.
• Contributes to any security awareness training and education programs to promote a culture of cybersecurity within the organization.
• Stays up to date with the latest cybersecurity threats, attack vectors, and defensive technologies to continuously improve testing methodologies.
• Mentors and guides less experienced members of the penetration testing team, sharing knowledge and best practices.
• Crafts payloads and executables to specific environments using obfuscation techniques to evade detection from advanced EDR systems.

Knowledge and Attributes:

• Ability to work independently and manage multiple projects within remote environment.
• Demonstrates a strong ability to engage with various stakeholders, have a team-based approach and work towards share goals and outcomes.
• Ability to think outside the box and a passion to improve your skills and drive innovation.
• Ability to compromise systems and demonstrate ways to laterally move post compromise.
• In-depth knowledge of common security assessment methodologies, such as OWASP, PTES, or NIST SP 800-115.
• Strong understanding of various operating systems, network protocols, and application security.
• Advanced proficiency in using penetration testing tools and frameworks, such as Metasploit, Burp Suite, Nmap, and Wireshark.
• Advanced knowledge of security assessment tools and technologies used to evaluate web applications, databases, and network infrastructure.
• Excellent analytical and problem-solving skills to identify and exploit vulnerabilities effectively
• Strong written and verbal communication skills to deliver clear and concise reports and recommendations to stakeholders.
• Ethical and professional conduct with a commitment to confidentiality and data privacy.

Academic Qualifications and Certifications:

• Bachelor's degree or equivalent in Information Technology or Computer Science or related field.
• Security related certifications such as OSWE, OSEP, OSCP, OSCE, CRTP, GPEN, or CREST is desirable.

Required Experience:

• Advanced penetration testing experience and ethical hacking gained within a similar global environment.
• Advanced experience with both commercial and open-source security tools and scripting languages.
• Advanced exposure to security testing scenarios e.g. Capture the Flag / Red Team / Blue Team is desirable.
• Advanced experience with various testing platforms e.g. Hack the Box / Vulnhub / PentesterLab is desirable.

Workplace type:

Hybrid Working

About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.