Cyber Security Assurance Tester and IR Specialist
On site
London, United Kingdom
Full Time
03-03-2025
Job Specifications
About
Six Degrees is a leading secure, integrated cloud services provider, where everyone is welcome. We believe success lies in harnessing a truly diverse and inclusive culture.
Our business protects UK organisations with the goal of enabling them to operate effectively and securely in the cloud, by giving them secure platforms to innovate and grow. We support our customers on their digital transformation journey regardless of their maturity. Our vision is to be the UK’s number one provider of secure, integrated cloud services to the small to mid-size market.
Our Cyber Security Assurance team are one of the most experienced and highly qualified teams of penetration testers in the UK. Also experts in forensics, the team is responsible for testing 1000’s of applications, systems, environments and devices every year. The team routinely research vulnerabilities, compile threat intelligence and assist clients in shoring-up their data security.
The Internal Penetration Testing & Incident Response Specialist will be a key member of the Cyber Security Assurance team, responsible for proactively identifying, assessing, and mitigating security risks internally within the organisation. They will work under general supervision, handling both internal penetration testing activities and aiding incident response operations for both external clients as well as internal operations. The role requires a methodical and analytical approach to security testing, as well as the ability to act decisively in response to security incidents.
They will act as a subject matter expert for internal penetration testing and threat response, applying appropriate tools, techniques, and methodologies in accordance with relevant standards and legislation. They will work on complex and non-routine testing scenarios, providing actionable insights to improve the organisation’s security posture. The role requires close collaboration with internal teams, supporting security investigations, incident handling, and threat mitigation efforts. The Cyber Security Assurance Tester and IR Specialist will need to have experience in running common penetration testing types and being able to manage complex incidents that may malware reversing, forensics and log analysis.
You will need be certified with the following certificates such as Cyber Scheme Team Member, CREST Registered Tester, CREST (CPIA), Intrusion Analyst (CRIA), CREST Certified Incident Manager (CCIM)
In the context of a broader security initiative, this role will serve as the internal component of the client-facing penetration testing team, reporting to senior management. Exceptional communication skills are crucial, as the individual will be responsible for producing clear and professional written reports, technical evaluations, and briefings for key stakeholders. Regular collaboration with internal teams will be necessary, necessitating the ability to convey technical findings in a manner that highlights their business implications.
The individual will also focus on enhancing their knowledge in penetration testing, threat intelligence, and incident response, ensuring that testing methodologies and response strategies are in line with industry best practices. This position is ideal for a security professional who is proactive and adaptable, capable of integrating offensive security testing with swift responses to cyber threats within the organization.
Our Benefits
In return for the passion our people bring to everything they do, we want them to enjoy a range of benefits that enrich their lives. We are a Real Living Wage employer, and through our additional employee benefits we feel we’ve got something that will help everybody live their best life.
We recognise the immense joy and significance of family leave for our employees, which is why Six Degrees provide an enhanced maternity and paternity leave package. We’re also keen to support people with flexible working, so everyone can have the personal time they need whilst still doing great work here at Six Degrees.
We have some fantastic benefits on offer, with everyone being given Private Medical Insurance, Life Assurance, a matched pension scheme and 25 days holiday and as a happy birthday from Six Degrees, all employees get a day off for their Birthday.
Throughout the business, our people have a causes and initiatives that they support and that is close to their heart. That’s why we give everyone the chance to volunteer one day year in addition to annual leave to make a difference.
What is more, we also make a contribution to any additional benefits you may wish to choose. Every Six Degrees employee has instant access to private medical care is available, as well as mental health and employee wellbeing support 24/7. Whether it’s a wellness benefit, such as gym benefits, fitness programmes and genetics wellness testing to our life benefits with discounted rates on travel, critical illness and dental insurance. We also provide discounts on well-known brands, in restaurants, supermarkets, the list goes on!
Our Recruitment Process
At Six Degrees, we prioritise efficiency in our recruitment process, as we believe it is essential for you to connect with potential colleagues and have a positive candidate experience.
Our team will thoroughly evaluate all applications, and if your qualifications align with our needs, our Talent Acquisition team will reach out to schedule a call. If all goes well, you will be invited to participate in an interview with your prospective line manager and team members, where you will discuss your suitability for the position and learn more about Six Degrees. For certain critical roles, we may conduct a second and final interview, which could include a task specific to the role. Following the completion of the assessment process, we look forward to welcoming you to the Six Degrees family
Nice-to-have skills
Penetration Testing
City of London, England
Work experience
Pentester
Security Analyst
Languages
English
About the Company
TieTalent is the career growth platform dedicated to tech professionals. By being part of our community they access exclusive content and perks from our partners for services that help them expend their knowledge. When open for a new opportunity, companies apply for them for jobs they want. On their side, companies benefit from an intelligent system allowing them to hire rare talents in tech quickly and hassle-free, that they need to be successful. TieTalent launched in October 2018 and is already trusted by thousands of ... Know more
Related Jobs
- Company Name
- Ørsted
- Job Title
- Information Security SCADA Specialist - Critical Infrastructure
- Job Description
- Join us in this role where you’ll be leading UKW hub national critical infrastructure with cyber secure generation. You will be leading in all areas of Information Security Management system across the region, initiating improvements of the system, and reporting from the system. This also includes ensuring that the implemented ISMS controls fulfil organisational and country-specific legal requirements where ISMS is implemented. Welcome to UK West Engineering You’ll be part of UKW Engineering team where you, together with your colleagues, will ensure secure, reliable generation from our European assets. You will ensure the best possible handling and improvement of cybersecurity and ensure compliance towards applicable country-specific legal requirements where ISMS is implemented. You’ll secure the lowest possible operating costs and consistently deliver high-quality results at the right time. You’ll play an important role in: maintaining and improving the cybersecurity risk register, including conducting risk identification, developing improvement roadmap and conducting follow-up workshops with relevant parties owning regional technical cyber security risks in close collaboration with Quality & Risk team. Developing, securing budget and implementing risk treatment plans defining effective business continuity plans for SCADA IT/OT systems, maintaining them and implementing them in emergency scenarios, leading event recovery sessions in relation to area of expertise facilitating and supporting regional hub initiatives on continuous improvement of ISMS, including instructions, controls, reports, training, or other work related to ISMS ensuring development and roll-out of training to all involved functions as well as supporting relevant teams in the implementation of ISMS requirements establishing, conducting, and following up on regional audits (internal & external) and management reviews in accordance with requirements in ISMS. To succeed in the role, you: [HFJ1] hold a degree in Information Security, Cybersecurity, Computer Science, or a related field are proficient in cyber security in IT/OT environments, preferably with in-depth knowledge on ISO27001/27019 and IEC62443. National requirements such as NIS-CAF would be advantageous possess relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) bring prior experience working independently in the energy sector, particularly in a regulated environment such as utilities, renewable energy, or oil and gas are proficient in risk assessment methodologies, security controls, and incident response management demonstrate ability to work effectively with external vendors and internal stakeholders to achieve security objectives. Maybe you’ve read the above and can see you have some transferable skills, even though they don’t quite match all the points. If you think you can bring something to the team, we still encourage you to apply. Shape the future with us Send your application to us as soon as possible. We’ll be conducting interviews on a continuous basis and reserve the right to take down the advert when we’ve found the right candidate. As an applicant or employee, you may request reasonable work and position accommodation or adjustments via accommodation@orsted.com. Please note that for your application to be taken into consideration, you must submit your application via our online career pages and answer the screening questions relevant for your country. We don't take applications or inquiries from external recruiters or agencies into account for this position.
- Company Name
- InterEx Group
- Job Title
- Network Security Engineer
- Job Description
- Job Title: Network Security Engineer Location: Seattle, WA Job Description: We are looking for a skilled Network Security Engineer with expertise in Cisco technologies to join our team in Seattle, WA. As a Network Security Engineer, you will be responsible for designing, implementing, and maintaining secure network infrastructures to protect our organization's data and systems from cyber threats. Key Responsibilities: - Design, implement, and maintain network security measures to protect organization's data and systems - Monitor network traffic for potential security breaches and respond appropriately to incidents - Conduct regular security audits and vulnerability assessments to identify and address security risks - Collaborate with cross-functional teams to implement security policies and procedures - Provide technical support and guidance to IT staff on network security best practices - Stay up-to-date on latest security trends and technologies to continuously improve network security measures Qualifications: - Bachelor's degree in Computer Science, Engineering, or related field - 3+ years of experience in network security engineering - Strong expertise in Cisco networking technologies, including Cisco ASA, Firepower, and ISE - Experience with network security protocols and tools, such as VLANs, IPSec, and SSL VPN - Certifications such as CCNA Security, CCNP Security, or CISSP are a plus - Excellent communication and problem-solving skills - Ability to work effectively in a fast-paced, collaborative environment - Strong attention to detail and ability to prioritize tasks effectively Would love to discuss further!
- Company Name
- Tesco
- Job Title
- Principal Enterprise Security Architect
- Job Description
- What’s in it for you We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more! Annual bonus scheme of up to 45% of base salary Car Cash Allowance Holiday starting at 25 days plus a personal day (plus Bank holidays) Private medical insurance Retirement savings plan - save between 6% - 10% and Tesco will contribute 1.5 times this amount 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave About The Role Here at Tesco Cyber, we are seeking a highly skilled and experienced Enterprise Security Architect, who will be responsible for ensuring that all enterprise-built platforms and solutions align with our existing security framework and industry standards. This role requires a deep understanding of security principles, technologies, and best practices to protect our information assets and ensure compliance with regulatory requirements. The focus will be on collaborating with key stakeholders across various domains to enable our technology colleagues to work efficiently and manage their environments effectively. You will perform comprehensive risk assessments, develop strategies to mitigate threats, and ensure alignment with organizational security principles and best practices. You will be responsible for Design and implement robust security architectures for enterprise-wide capabilities, which our technology teams rely on regularly to operate their services and perform their day-to-day tasks efficiently, addressing identified threats and vulnerabilities. Conduct thorough risk assessments for new systems and existing environments, reviewing their designs and architectures to ensure they meet modern security requirements, identifying security risks, and recommending mitigation strategies. Influence and guide other teams to implement security solutions by collaborating across functions to integrate security principles and ensure systems align with business needs. Ensure all enterprise-built platforms align with our existing security framework and industry standards, while collaborating with other enabling and architecture teams to integrate security into all aspects of the organization's operations. Evaluate and enhance security processes to improve their efficiency and comprehensiveness. Continuously monitor and respond to emerging security trends and threats to workplace environments, virtualization technologies, and databases. Develop and maintain security architecture documentation, including policies, diagrams, and procedural guides. Act as an SME and advise on the security of the M365 platform, workplace solutions, and infrastructure control plane capabilities such as virtualization layers (VMWare). Lead and participate in internal technology initiatives to implement secure enterprise systems, ensuring alignment with security frameworks and organizational goals to enhance security posture. You will need Soft Skills Proven leadership experience as a technical individual contributor in complex organizations. Analytical mindset with a proactive approach to identifying and solving security challenges. Strong communication and interpersonal skills to articulate complex security concepts to diverse audiences. Ability to work collaboratively with cross-functional teams while managing multiple initiatives. Demonstrated curiosity and flexibility in applying knowledge and advice. Technical Skills Demonstrable experience and expertise in designing, implementing, and applying balanced controls from security frameworks such as NIST, CIS, ISO 27001, and MITRE. Expertise in security controls and best practices for cloud-based workplace environments. Proficiency in Microsoft 365 security, compliance capabilities, identity and access management, and threat protection, including Microsoft Defender, Microsoft Entra, and Microsoft Purview. Expertise with virtualization platforms, ideally on VMware security solutions, including VMware NSX, VMware Carbon Black Cloud, and Horizon. Familiarity with virtualization security best practices and endpoint security. Proficiency in securing databases (e.g., SQL, NoSQL), with a focus on encryption, authentication, and monitoring solutions. Proficiency in risk analysis, security controls management planning, and disaster recovery planning. Experience with security technologies such as firewalls, intrusion detection/prevention systems, and encryption. Qualifications & Experience Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001). Bachelor's degree in Computer Science, Information Technology, or a related field. Minimum of 10 years of experience in information security, with at least 5 years in a security architecture role. Professional certifications such as SABSA, CISSP, CISM, or TOGAF are highly desirable. Professional certifications in risk management such as CRISC are desirable.
- Company Name
- Morgan Stanley
- Job Title
- Lead Application Security Engineer - VP
- Job Description
- JR000996 Glasgow Morgan Stanley is looking for a motivated Engineering lead to join the Cybersecurity department, who will be charged with enabling security controls in the CI/CD pipelines by rolling out SAST, SCA or DAST tools with a significant impact to the development community and to the security posture of firm’s applications. In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Software Engineering Manager position at VP, P5 level, which is part of the job family responsible for developing and maintaining software solutions that support business needs. Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals. Interested in joining a team that's eager to create, innovate and make an impact on the world? Read on. What You’ll Do Work with a team of engineers to implement Morgan Stanley specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications. Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes. Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc. With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines. Support security standards, create templates and patterns to increase the efficiency and adoption of security program. Work with our partners to implement, manage, and optimizing security measures within our GitHub repositories and pipelines to continuously improve code security and protect against vulnerabilities. These Skills Will Help You Succeed In This Role Bachelor’s degree with 10+ years of work experience in the IT field 3+ years software development experience using Python, Java or JavaScript 3+ years of cumulative experience across the following: OWASP Secure Coding Practices Common software and web application security vulnerabilities Application security scanning tools Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins) Even Better If You Have A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security and IaC tools across the enterprise Ability to perform code reviews with minimal assistance A self-starter, with a strong desire for learning new technologies and applying them to solve problems Expertise in monitoring, alerting, reporting, data analysis is desired. Experience with two or more of the application build environments like Jenkins, Gradle, Maven. Familiarity with public cloud services a plus Experience with two or more of the Secure SDLC tools like Github Advanced Security, Snyk, WhiteSource, Sonatype, X-Ray, Wiz. Experience with Threat Analysis. Experience with DevSecOps, Secure SDLC. DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus Experience with evaluation, integration and onboard of application security tools is a plus What You Can Expect From Morgan Stanley We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. At our foundation are five core values — putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back — that guide our more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find trusted colleagues, committed mentors and a culture that values diverse perspectives, individual intellect and cross-collaboration. We Firm is differentiated by the caliber of our diverse team. While our company culture and commitment to inclusion define our legacy and shape our future, helping to strengthen our business and bring value to clients around the world. Learn more about how we put this commitment to action: morganstanley.com/diversity. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. We're committed to bringing passion and customer focus to the business. Certified Persons Regulatory Requirements If t his role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks. Flexible work statement Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more. Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.