Penetration Tester

About Ekco

Founded in 2016, Ekco is now one of the fastest growing cloud solution providers in Europe

We specialise in enabling companies to progress along the path of cloud maturity, managing transformation and driving better outcomes from our clients' existing technology investments.

In a few words, we take businesses to the cloud and back

We have over 1000 highly talented and supportive colleagues (and counting) across a number of regional offices in the UK, Benelux & Ireland.

The role

We are looking for a skilled and experienced Penetration Tester to join our team of security consultants. As a Penetration Tester, you will play a crucial role in assessing the security posture of our client's applications, infrastructure, APIs, servers and endpoints, identifying vulnerabilities that could be exploited by malicious individuals or attackers. Your deep knowledge of app security, penetration testing methodologies, and industry best practices will be instrumental in ensuring the confidentiality, integrity, and availability of our client's systems.

Key Responsibilities

1. Conduct comprehensive penetration tests on clients' systems across various platforms (including web applications, thick client applications, infrastructure, APIs, cloud platforms) to identify security vulnerabilities, weaknesses, and potential risks.
2. Utilise, develop and execute customized test plans, methodologies, and tools for penetration testing, focusing on both network and application layers, tailored to the client's specific needs and requirements. Follow leading testing standards and methodologies such as OWASP and NIST.
3. Evaluate system architectures and designs to identify potential security flaws and provide strategic recommendations for risk mitigation.
4. Collaborate closely with clients and their development teams to gain a deep understanding of the architecture, codebase, and underlying technologies, offering guidance on issue remediation and secure coding practices.
5. Utilise a wide range of manual and automated tools to conduct penetration testing.
6. Prepare detailed and comprehensive reports documenting identified vulnerabilities, their potential impact, and actionable remediation strategies, effectively communicating findings to clients.
7. Stay abreast of the latest security threats, vulnerabilities, and attack vectors, proactively advising clients on emerging risks and recommending appropriate countermeasures.
8. Collaborate with cross-functional teams of security professionals to implement tailored security best practices and guide clients in the secure development and deployment of applications and systems.
9. Provide expert support during security incident response activities, assisting clients in investigating and remediating mobile app security incidents.

Key Requirements

1. Bachelor's degree in Computer Science, Information Security, or a related field.
2. Relevant certifications (e.g., OSCP, PNPT, CREST accredited certs, GPEN) and/or experience in mobile applications, thick client applications, Citrix and Secure Code Review are highly desirable.
3. Proven track record as a Penetration Tester, with significant experience in application, infrastructure and API security testing. A minimum of 2 years of experience in professional penetration testing is required.
4. Extensive expertise in security vulnerabilities, threats, and attack vectors, coupled with a thorough understanding of industry best practices and standards (e.g., OWASP, NIST, PTES).
5. Solid understanding of application frameworks and architectures, operating systems (Windows, Unix), and underlying technologies.
6. Proficiency in using cutting-edge penetration testing tools and frameworks (e.g., Burp Suite Professional, Nmap, Nessus, Metasploit, SoapUI/Postman/ReadyAPI).
7. Strong understanding of programming and scripting (e.g., Python, Bash) to automate testing processes and develop custom scripts tailored to client's specific needs is a plus.
8. Demonstrated ability to work independently and collaboratively within a team, effectively managing multiple testing engagements, meeting deadlines, and delivering high-quality results.
9. Excellent written and verbal communication skills, with the ability to convey technical concepts in a clear and concise manner to both technical and non-technical clients.

Benefits/Perks

1. Time off - 25 days leave + public holidays
2. 1 day Birthday leave per year
3. Company Pension Scheme (employer contribution 5%) + flexible salary sacrifice
4. Employee Assistance Programme (EAP) - access to dedicated mental health, emotional wellbeing and general advice
5. EkcOlympics - a global activity for fun
6. Learning & development - Unlimited access to Pluralsight learning platform
7. A lot of responsibilities & opportunities to grow (also internationally)

Why Ekco

1. Microsoft's 2023 Rising Star Security Partner of the year
2. VMware & Veeam top partner status
3. Ranked as 4th fastest growing technology company in the Deloitte Fast50 Awards
4. Ekco are committed to cultivating an environment that promotes diversity, equality, inclusion and belonging
5. We recognise the value of internal mobility and encourage opportunities for internal development & progression
6. Flexible working with a family friendly focus are at the core of our company values