Job Role:
Automation tester (Infosec) - Vulnerability management
Role Description:
Responsible for assessing the security of web applications and their underlying infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers.
Job Summary:
Relationship and supplier management skills are the key focuses of the role, and the holder will need a good understanding of security vulnerabilities and testing methodology. The position needs to be filled by a hands-on security tester. Responsibilities involve supporting the provision of automation testing services for DAST and SAST, including creating integrations with Azure DevOps Pipelines and ensuring the corresponding remediation with dev teams, LOBs and 3rd party vendors. The role will work closely alongside the rest of the Cyber Team (e.g. Vulnerability Management), the wider Information & Cyber Security function and leaders in operational IT teams.
Responsibilities & Duties:
Create, maintain, and execute appropriate security testing processes to enable timely detection and risk-based prioritization, and co-ordinate the remediation of security testing findings.
Manage planning & execution of corporate penetration testing, DAST and SAST onboarding.
Collaborate with development and QA teams to integrate security tools into CI/CD pipelines.
Develop and maintain security testing documentation, including test plans and reports.
Provide clear, concise and easily consumable communication with key technical and non-technical stakeholders so that findings are understood and appropriately addressed.
Measure and report the maturity, effectiveness and efficiency of Security Testing services.
Understand the elements involved in exception requests and their importance: data sensitivity assessment, control implementation and maintenance plan, and assessment of the legal, compliance, reputation, and operational risks associated with the exception.
Ensure accurate and clear communication with all stakeholders.
Provide appropriate MI to key stakeholders.
Experience Band:
3 to 5 years
Qualified to degree level, preferably in a business, IT or security related subject