Penetration Tester (CISO Office)

  • Category: Support Services
  • Team: Internal Risk and Compliance
  • Location: Warsaw, Poland

Description

Position at Trustwave

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. Offering a comprehensive portfolio of managed security services, consulting and professional services, and data protection technology, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

The Security Consultant role offers an exciting opportunity to work within the world-renowned and truly global Trustwave Cyber Security Enterprise CISO’s Office, reporting directly to the CISO. This unique position within the office of the CISO has the responsibility of maintaining, managing and performing security assessments of not only the public presence of Trustwave, but all of the products, services and components which are built and implemented by Trustwave security teams. This position, while team-oriented, requires a high level of self-direction, innovation and personal maturity.

Candidates should be well versed in penetration testing and application security of web applications and thick clients, as well as the softer side of consultancy. Consultants must be able to effectively balance workload and work effectively and jointly with colleagues within the ever-growing team worldwide.


Specific Responsibilities:

  • The partner is expected to own and run key engagements as directed by their manager
  • As an industry leader, the consultant will maintain Trustwave's reputation within their center of excellence by participating in industry events and, from time to time, supporting pre-sales activities as required by their manager
  • Perform deep, detailed and advanced security assessments and penetration tests
  • Interact with Trustwave engineers to provide excellent service throughout the entire SDLC, beginning with conceptual design through secure development and deployment using industry best practices.
  • Performs research and creates organizational knowledge around key technologies, tools, methodologies, and architectures.
  • Mentor and support less experienced resources
  • The candidate will have the opportunity and be expected to perform security research involving bug hunting, exploit development, reverse engineering, and cryptography.
  • As a knowledge resource for the industry, this role is expected to demonstrate the ability to document and intelligently convey in writing the characteristics and skills necessary to perform exploits, respond to weaknesses and remediate incidents and compromises associated with the research and investigations performed.


Qualifications:

  • Candidate must be experienced and strong in web application penetration testing.
  • Candidate must be experienced in one of: Mobile or Thick-client Security, Automotive, Embedded, IoT, SCADA/OT, or Red Teaming
  • Software development (Java/C#/C++/C) and/or strong scripting experience required.
  • Excellent English language communication skills.
  • Ability to present at conferences.
  • Is a highly autonomous worker, able to operate with little to no supervision
  • Strong team player and technical innovator with an ability to build and leverage relationships on an inter- and intradepartmental basis
  • Ability to create and maintain methodologies and process definitions
  • Experience developing, delivering and managing large incident response engagements


Education:

  • While we prefer college-educated documented academics, demonstrating the ability to prevail and negotiate in the various industry venues, an assessment of past practice and performance, industry reputation and verifiable experience is used to validate one's capabilities and qualifications to produce expected outcomes and perform successfully in this role.
  • Industry certifications preferred: OSWE, GWAPT, OSCP, or GPEN

 
Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.

To All Agencies 
Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and, in the event a candidate who is submitted outside of this policy is hired, no fee or payment of any kind will be paid.
