Senior Penetration Tester
- Employee Status: Regular
- Role Type: Hybrid
- Department: Information Technology & Systems
- Schedule: Full Time
Discover the Unexpected
Experian is the world’s leading global information services company. We are listed on the London Stock Exchange (EXPN) and are a constituent of the FTSE 100 Index. We’re passionate about unlocking the power of data in order to transform lives and create opportunities for consumers, businesses and society. For more than 125 years, we’ve helped businesses grow, consumers and small businesses gain access to financial services, and economies and communities flourish – and we’re not done.
Our 18k amazing employees in 40+ countries believe the possibilities for you, and the world, are growing. We’re investing in the future, through new technologies, talented people and innovation so we can help create a better tomorrow.
To do this we employ the greatest and brightest minds that share our purpose and want to make a difference. Experian Asia Pacific's culture, people and environments are key differentiators. We focus on what truly matters; diversity and inclusion, work/life balance, flexible working, development, equity, engagement, collaboration, wellness, reward & recognition, volunteering... the list goes on. We’re committed to fostering a strong sense of belonging and a place where you can bring your true self to work.
Our uniqueness is that we truly value yours. We’re an award winning organisation due to our strong people first focus. This includes Top Employer™ and Great Place To Work™ accreditations.
Learn more at www.experianplc.com
Experian is revamping their penetration testing program to provide enhanced services to our Business Units and Technology Groups across the Globe. This is an exciting time as we build the team and address the Application and Network environment to ensure that we provide our Clients confidence in a secure environment that is comprehensively tested to the highest standards. We’re looking for a team that can shape the program and build a world class Penetration Testing environment. Our test team will be global to provide follow-the-sun capabilities. Experian will provide comprehensive training and ensure that our team grows its skills to address the needs of an organisation that is constantly exploring and utilising new technologies and solutions to be successful across its extensive global footprint.
What you’ll need to bring to the role
High levels of collaboration, communication skills, stakeholder management and teamwork
Alignment with Experian’s purpose and core values, we look for ‘culture add’
Knowledge of common pen test and application security tools, such as Kali Linux, Metasploit, Burp Suite, Wireshark, Web Inspect, Network Mapper (NMAP), Nessus and others
Ideally Industry certifications such as CEH, OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
Fluent and proficient in English to enable delivery of verbal and written reports and presentations to both technical and executive audiences
What you’ll be doing
Conduct tactical assessments that require expertise in application security (web and mobile), threat analysis, internal and external network architecture, and a wide array of commercial and custom products
Perform security research on topics that interest you and publishing content to contribute to the information security community
Configure and safely utilize attack tools, tactics, and procedures against authorized Experian targets
Develop scripts, tools, or methodologies to enhance Experian's penetration testing capabilities
Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
Provide risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities, and misconfigurations
Arrange and provide support to business units launching new technology applications and services to verify that new products/offerings are not at risk of compromise or information leakage
Write formal security assessments for each penetration test using our company’s standard reporting format
Participate in conference calls with clients to review assessment results and consult with the clients on remediation options
Retesting security vulnerabilities that have been fixed and republishing reports to indicate the results of retesting
5 -8 plus years’ experience in two or more of the following areas:
Network penetration testing and manipulation of network infrastructure
Web application penetration testing assessments
Mobile application penetrating testing assessments
Email, phone, or physical social-engineering assessments
Developing, extending, or modifying exploits, shell code or exploit tools
Experience with Red, Blue, or Purple teaming exercises
Proficient in one or more of the following programming languages; C, C++, C#, Java, Go
Proficient in one or more of the following scripting languages; Python, PowerShell, Bash, Ruby
Experience with network OS, Windows/ *nix/ MacOS, network communications protocols, virtual environments, cloud environments, mobile OS (Android/iOS) and containerized platforms
Familiarity with defensive technologies such as firewalls, IPS/IDS systems, SIEM, EPP, EDR, UEBA, and data encryption
Understanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC)
Our uniqueness is that we truly value yours. From India, across Asia to Japan and down to Australia, our 1800 people are what make our business special. Experian's culture, people and environments are key differentiators. We focus on what truly matters; diversity and inclusion, work/life balance, development, innovation, collaboration, wellness, reward & recognition, volunteering... That's why we're an award winning organisation for our people-first practices, something we’re very proud of.
Experian Careers - Creating a better tomorrow together