Information Security Specialist - Red Team (Stoke)

Who we are looking for An Information Security Specialist – Red Team who will focus on the technical side of IT security, specifically testing the security of applications and infrastructure. You will work on the security of closed sourced, open source and in house written applications and ensure that systems and services are built with privacy and security by design. Whilst you will work with teams across the Business, specifically Software Development and Infrastructure, to confirm that vulnerabilities and security misconfigurations are understood and mitigated, the role is not a vulnerability management role. You will have hands on experience, and a strong knowledge of hacking, ensuring there is no sole reliance on automatic tools. You will review internal and external services used by our employees and external customers, on our applications and infrastructure, which are produced or hosted internally and exposed externally, verifying that they are built and configured securely. This role is eligible for inclusion in the Company’s hybrid working from home policy. Preferred skills and experience Broad understanding of technology functions and how they relate to Information Security. Knowledge of planned, structured methodologies for conducting and reporting when conducting security assessments. Supporting the current application security team by testing in-house developed applications running on test environments. Advanced working knowledge of penetration testing techniques, application security best practices and the industry standard tools. Strong ability to plan and execute security assessments in a controlled manner against pre-agreed environments, whilst working to deadlines. Understanding of command and control frameworks, active directory and cloud penetration techniques. Understanding of industry standard Information Security practices. Industry recognised certifications such as OffSec Experienced Pentester (OSEP), Certified Red Team Operator (CRTO), OffSec Certified Expert (OSCE), OffSec Web Expert (OSWE) and OffSec Certified Professional (OSCP). Strong communication skills, when providing security best practice advice on upcoming technologies that will be used by the business. Excellent documentation skills with a high attention to detail. Main Responsibilities Conducting manual and automated security testing. Completing security vulnerability analysis and assessment. Identifying and managing any security flaws within the business software and infrastructure appropriately, whilst liaising with colleagues in vulnerability management and both internal and external resolver groups. Collaborating seamlessly with our development, infrastructure and security teams to fortify our systems against cyber threats. Optimising processes and operations by creating and maintaining technical documentation, custom tools and scripts. Staying updated on tools, tactics and techniques used by real world threat actors such as APTs, so they can be mitigated in our environment. Taking responsibility for the security of tested products. Developing an understanding of the wider business. By applying to us you are agreeing to share your Personal Data in accordance with our Recruitment Privacy Policy which can be found at