Senior Penetration Tester

About us

Join National Grid's digital transformation! We are digital creators, continuous learners and daring innovators. We leverage digital innovative ways to create products and catalyze the transformation of National Grid's business units into more agile and digitally native organizations in our shared purpose of bringing energy to life. Come and join us on this incredible journey, We need you!

The Vulnerability Testing Team is part of Vulnerability Management within the National Grid's global Security Team. It supports the Security Team's operations by identifying vulnerabilities and security issues via penetration testing assessments. It also identifies real-world threats posing a genuine risk to National Grid; replicating behaviours of threat actors, assessed by Government and commercial intelligence providers. Your discoveries will enable National Grid to proactively adjust its defensive posture.

We want to find a highly motivated individual to take on a Senior Tester role with a strong skill set in Web, API, and Application testing. A successful candidate will carry out penetration testing across a range of environments, including Enterprise and Critical National Infrastructure networks, covering National Grid's global business. If you yearn to be innovative and contribute new ideas and play a critical part in the US Gas IT organization, we want to hear from you!

What you'll do

As a Senior Penetration Tester, you'll liaise with project teams and other security functions to implement effective remediation activities. Significant findings will be shared with C-level management and help influence the security department's strategic direction. You'll also provide guidance and mentoring to junior team members, helping them develop in the early stages of their careers. Key responsibilities include the following:

• Scope penetration tests with project teams
• Conduct penetration testing activities against IT systems and applications
• Liaise with Security Architects and Project teams to articulate findings and drive remediation
• Analyse or produce high quality penetration test reports and draft remediation plans
• Build / maintain penetration testing environments
• Maintain technical documentation; e.g. methodologies, technical guides, and reporting standards
• Mentor junior testers, developing their penetration testing experience

What you'll need

• 3 to 5 years of experience in a Penetration Testing position
• Strong understanding of Penetration testing process and deliverables
• Strong web and API penetration testing experience
• Knowledge of common application vulnerabilities such as those included within the OWASP Top 10 and ASVS checklist
• Experience with using common web/API application penetration testing tools such as Burp Suite Professional
• Demonstrable knowledge of additional tooling utilized for all stages of the web/API testing methodology
• Strong stakeholder management and written/oral communication skills, with the ability to communicate at a technical and business user level
• High reporting standards and strong attention to detail, able to review and QA work of peers

It would be awesome if you had

• Experience in application development
• Actively involved in the security community; developing open source tools, contributing to security blogs, or participating in CTF competitions
• Able to work in both waterfall and agile software delivery projects
• Experience working in a Critical National Infrastructure environment, or similarly regulated industry
• Good understanding of the Energy industry and Industrial Control Systems
• Computer Science, Mathematics, Engineering, or Security related degree (or higher)
• Formal certification in one of the following:
  o OSCP
  o OSWA
  o GIAC GWAPT
  o CCT - APP, Tiger Scheme, or equivalent

What you'll get

• Consistent growth potential through company leadership programs
• Competitive compensation package including robust benefits with a yearly bonus
• Numerous wellness programs
• A multitude of company-endorsed community programs to participate in

More Information

Are you the right fit for this exciting role? You want to learn more about the position and National Grid's ambitious Digital Transformation? Then let's chat!

Apply directly or reach out to me at [email protected].

#LI-CL1

At National Grid, we keep the lights on and homes warm. But it's so much more than that. We keep people connected and society moving. This is no easy feat, and it takes all of us. But National Grid supplies us with the environment to make it happen. As we generate momentum in the energy transition for all, we don't plan on leaving any of our customers in the dark. But we aren't looking for external recognition - we already what we do is vital. We're building a clean, fair and affordable energy future.

Salary

$84,000 - $132,000 a year

Please be advised that due to the nature of this position, incumbents are subject to federal Drug & Alcohol safety regulations governing US Department of Transportation ('DOT') covered positions, including the Federal Motor Carrier Safety Administration (FMCSA) and Pipeline Hazardous Material Safety Administration (PHMSA). As such, the Company's testing programs and policies regarding the use of federally prohibited drugs or alcohol, for recreational or medical purposes, will remain in effect for these safety-sensitive, DOT covered positions.

This position has a career path which provides for advancement opportunities within and across bands as you develop and evolve in the position; gaining experience, expertise and acquiring and applying technical skills. Candidates will be assessed and provided offers against the minimum qualifications of this role and their individual experience.

National Grid is an equal opportunity employer that values a broad diversity of talent, knowledge, experience and expertise. We foster a culture of inclusion that drives employee engagement to deliver superior performance to the communities we serve. National Grid is proud to be an affirmative action employer. We encourage minorities, women, individuals with disabilities and protected veterans to join the National Grid team.