Penetration Tester

Full Time 

Others

Apply Via efinancialcareers Save this job
Job Description
Role Profile

At FNZ we take security seriously, our growing of the security organisation reflects this. We are developing a class leading security function and are looking for passionate people to join our team.

We are looking for someone to help build our application security function. Reporting directly to the Application Security Lead, this exciting opportunity will have an important role in enhancing application security across the group.

The role will be working closely with the development teams and the financial crime team to ensure we have the correct security controls in place to stop fraudulent activity within FNZ. This will cover everything from business logic and design, authorization controls, cryptography, through to application code reviews. From threat modelling / design and code reviews to manual and automated security testing. The role will also provide input to application security training and advise on best security practise to the development teams across the group.

Role Responsibilities
  • Providing technical investigations within FNZ source code for:
    • Configurations relating to business logic
    • Ensuring authorisation and access controls are correct
    • Checking for back doors in the code base
    • Checking PI and IP data is secured
    • Provide threat modelling support
    • Support FNZ application/product releases
  • Assuring the security of the applications we develop
  • Implementing our application security strategy
    • Design reviews
    • Threat modelling
    • Code scanning
    • Third party library security
    • Mobile application scanning
    • API scanning
  • Engaging with architects, engineers, financial crime team, security champions and product teams across the organisation
  • Driving developer engagement and a culture of secure development
  • Managing relationships with key suppliers


Experience Required
  • Ideally performed a similar role
  • Able to advise and carry out penetration testing of web and mobile applications
  • Able to work in extremely fast-paced environment, collaboratively, and autonomously
  • Understand the SDLC processes and tooling
  • Comfortable with collaboration, open communication and reaching across functional borders with a strong focus on business outcomes
  • Worked with internationally distributed teams for a global organisation
  • Experience in one or more of; various .Net (c#, ASP, 'net core) SQL, React
  • Must have experience in hybrid environments using both on premise data centres and cloud hosting
  • Experience of OWASP and SANS
  • Exposure to deployment tools such as Jenkins and Team City
  • Ideally experience working across organisations that use Waterfall and more Agile / DevOps ways of working
  • Fintech/Financial Services sector experience desirable
  • An understanding of the UK platform market desirable


Other open positions

New positions coming soon.