Pen Testing Specialist x 2
Milton Keynes OR London
Technology is the driving force behind Argos’ success - online, in stores, in logistics, in back office, in trading, in ranging, in design, in marketing and everywhere else in the company. As such, customers, colleagues and shareholders are critically dependent on the security of these technologies to drive the continued success of our business.
We increasingly rely on digital retail to drive up our revenue and reduce our costs. As such our online brands are critical to the success of our organisation and the protection of our customers’ data and online shopping experience is of paramount importance to us.
This role will be responsible for testing all brand websites, white label sites, supplier sites, and infrastructure segments either directly or indirectly through the management of penetration test teams/vendors.
* Undertaking vulnerability assessments and or penetration tests of production websites, networks and infrastructure
* Conducting end-to-end testing activities to identify vulnerabilities, recommend corrective actions and follow up on their remediation
* Interpreting penetration test results into management responses so that the business can understand the importance of identified vulnerabilities in the context of business impact and the likelihood of threat realisation
* Managing project managers’ expectations and delivering regular reports
* Writing reports and technical documentation to be presented to business owners and project managers
* Identifying remediation techniques and assisting the development with secure coding practices as appropriate
* Maintaining professional accreditations
* Maintaining Argos (and subsequent brands) industry position as a Secure retailer through industry engagement and active promotion of our brand
* Writing and contributing to White Papers and research documents as part of both ongoing personal development and that of the Cyber Security team
* Providing penetration testing training and mentoring to colleagues on projects and internal training courses as well as suggesting training options for individuals both in and outside of the team
* Maintaining contact with our white label sites to ensure ongoing security of their systems and our own
* Working with threat intelligence service providers to ensure they provide an effective service
* Providing technical advisory and assistance throughout cyber security incident response activities and risk assessments
* Previous experience in a similar position with relevant industry qualifications such as CHECK/CREST, OSCP, CEH, CISSP
* Strong, proven experience saving business money through effective testing strategies
* Experienced in technology and information security risks
* Ability to manage stakeholders including vendor management at all levels
* Willingness to develop and evolve within the role, and maintain the knowledge of the subject matter