Penetration Tester Technical Delivery · Dublin

Founded in 2016 Ekco is now one of the fastest growing cloud solution providers in Europe

We specialise in enabling companies to progress along the path of cloud maturity, managing transformation and driving better outcomes from our clients' existing technology investments.

In a few words, we take businesses to the cloud and back

We have over 1000 highly talented and supportive colleagues (and counting) across a number of regional offices in the UK, Ireland, Benelux, South Africa & Malaysia.

We are looking for a skilled and aspiring Penetration Tester to join our team of security consultants. This is a hybrid role, where you may be required to perform Penetration Testing engagements on client-site locations. As a Penetration Tester, you will play a crucial role in assessing and reporting on the security posture of our internal client's applications, infrastructure, APIs, servers and endpoints, identifying vulnerabilities that could be exploited by malicious individuals or attackers. Your deep knowledge of app security, penetration testing methodologies, and industry best practices will be instrumental in ensuring the confidentiality, integrity, and availability of our client's systems.

• Conduct comprehensive penetration tests on clients' systems across various platforms (including web applications, thick client applications, infrastructure, APIs, cloud platforms) to identify security vulnerabilities, weaknesses, and potential risks.
• Carry out Penetration Tests both onsite, at client locations and remotely, depending on the requirements of the project.
• Utilise, develop and execute customized test plans, methodologies, and tools for penetration testing, focusing on both network and application layers, tailored to the client's specific needs and requirements. Follow leading testing standards and methodologies such as OWASP and NIST.
• Evaluate system architectures and designs to identify potential security flaws and provide strategic recommendations for risk mitigation.
• Collaborate closely with clients and their development teams to gain a deep understanding of the architecture, codebase, and underlying technologies, offering guidance on issue remediation and secure coding practices.
• Utilise a wide range of manual and automated tools to conduct penetration testing.
• Prepare detailed and comprehensive reports documenting identified vulnerabilities, their potential impact, and actionable remediation strategies, effectively communicating findings to clients.
• Stay abreast of the latest security threats, vulnerabilities, and attack vectors, proactively advising clients on emerging risks and recommending appropriate countermeasures.
• Collaborate with cross-functional teams of security professionals to implement tailored security best practices and guide clients in the secure development and deployment of applications and systems.
• Provide expert support during security incident response activities, assisting clients in investigating and remediating mobile app security incidents.

• Excellent written and verbal communication skills, with the ability to convey technical concepts in a clear and concise manner to both technical and non-technical clients.
• Degree in Computer Science, Information Security, or experience in a related field.
• Relevant industry certifications (e.g., OSCP, PNPT, CREST CPSA, CRT accredited certs, SANS) and/or experience in mobile applications, thick client applications, Citrix and Secure Code Review are highly desirable.
• Proven track record as a Penetration Tester, with significant experience in application, infrastructure and API security testing. A minimum of 1-2 years of experience in professional penetration testing is required.
• Extensive expertise in security vulnerabilities, threats, and attack vectors, coupled with a thorough understanding of industry best practices and standards (e.g., OWASP, NIST, PTES).
• Solid understanding of application frameworks and architectures, operating systems (Windows, Unix), and underlying technologies.
• Hands-on experience performing mobile application penetration testing across Android and iOS platforms is highly desirable, including analysis of mobile app architectures, secure storage, authentication mechanisms, and inter-app communication.
• Proficiency in using cutting-edge penetration testing tools and frameworks (e.g., Burp Suite Professional, Nmap, Nessus, Metasploit, SoapUI/Postman/ReadyAPI).
• Strong understanding of programming and scripting (e.g., Python, Bash) to automate testing processes and develop custom scripts tailored to client's specific needs is a plus.
• Demonstrated ability to work independently and collaboratively within a team, effectively managing multiple testing engagements, meeting deadlines, and delivering high-quality results.

• Time off - 25 days leave + public holidays
• One day Birthday leave per year
• Company Pension Scheme (employer contribution 5%) + flexible salary sacrifice
• Employee Assistance Programme (EAP) - access to dedicated mental health, emotional wellbeing and general advice
• EkcOlympics - a global activity for fun
• Learning & development - Unlimited access to Pluralsight learning platform
• A lot of responsibilities & opportunities to grow (also internationally)

• Microsoft's 2023 Rising Star Security Partner of the year
• VMware & Veeam top partner status
• Ranked as 4th fastest growing technology company in the Deloitte Fast50 Awards
• Ekco are committed to cultivating an environment that promotes diversity, equality, inclusion and belonging
• We recognise the value of internal mobility and encourage opportunities for internal development & progression
• Flexible working with a family friendly focus are at the core of our company values