Manual Penetration Tester - GCP

  • Category
    Testing & Quality Assurance - Manual testing
  • Location
    London, Greater London
  • External Reference
    418096-A

Spring Technology is currently looking for an experienced Penetration Tester. This is a initial 3 Month contract based in London.

My client is looking for:
First a penetration tester who will actively seek out vulnerabilities and will go hunting. This is "proper" manual penetration testing. But we don't just want a pen test: we are already paying a third party to do this as a one-off: we need the testing with remediation. The second aspect is to guide the engineering team on configuration, build and remediation: this is an ongoing "best practice" guide and providing assistance to the teams on what to fix and how to fix it. The third aspect is embedding technical security into our project and so that issues are identified before they make it into the production environments. I included the potential for scripting in Bash or Python as it's an area we could be doing more with, but that is a nice-to-have.

Tasks include:
*Technical security review of Google Compute platform which contains 3,000+ servers, 100+ projects
*Provide best practice guidance to GCP engineering teams on securing GCP
*Technical security review of GCP Windows and Linux instances to include automated vulnerability scanning and active exploits
*Technical security review of Microsoft Remote Desktop services and Microsoft Remote App to include configuration review and identification of vulnerabilities
*Technical security review of migrated application servers including legacy applications
*Continuous ad hoc active exploitation of the environment
*Technical security review and "penetration testing" of internet-facing applications
*Guidance to project teams on effective remediation of vulnerabilities including where necessary implementing vendor-recommendations as well as guiding engineering teams on the implementation of remedial actions
*Technical security testing of Java Google Compute Engine application to include end-to-end security assessment
*Provide guidance to development teams on remediation of vulnerabilities
*Production of effective security test reports and documentation
*Additional opportunities
oProvide guidance on the development of operational scripts
oDevelopment and configuration of automated tooling to mitigate vulnerabilities
oPython scripting

Please send your CV now to apply !
Spring Technology acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. The Spring Group UK is an Equal Opportunities Employer.

By applying for this role your details will be submitted to Spring. Our Candidate Privacy Information Statement explains how we will use your information - please copy and paste the following link in to your browser: www.spring.com/candidate-privacy-information-statement

To speak to a recruitment expert please contact Ronel Harapinski