Website Virgin Money
Are you passionate about cyber security and eager to make a real impact? At Virgin Money, we’re looking for a dynamic Penetration Test and Red Team Lead to join our busy Vulnerability Management team. You will be part of a specialist function to support the widening of our testing programme, developing and facilitating third-party testing, and working closely with our technology and infrastructure colleagues to assess and prioritise findings, giving straight up advice on security best practice and our regulatory requirements.
It’s a great opportunity to work with industry-leading tools and security partners, to enhance your analytical, technical and communication skills, and to really make a difference to our customers and colleagues.
What you’ll be doing
Deliver our penetration testing and Red Team programme: ensure tests are delivered to scope and on time, with results assessed by key stakeholders
Develop our testing programme: identify and progress penetration testing and red team targets which support the validation of our security posture
Third Party Relationship Management: working with our providers to develop approach and scope, ensuring tests provide external assurance in line with the Bank’s risk appetite
Vulnerability Assessments: assess the output from tests, providing guidance to key stakeholders on next steps and best practice, tracking remediation to completion
Assess Security Risks & Threat Landscape: Identify and evaluate security risks on the Bank’s applications and infrastructure, making recommendations to continuously improve Virgin Money’s security posture in an ever-changing threat landscape
Provide Expert Guidance: Offer expert guidance and advice on test findings, our policy & standards, industry regulations, frameworks, and best practices, to support understanding and prioritisation of efforts by key stakeholders
Support and Mentoring: Assist in the development of the team, providing mentorship to junior team members, fostering a collaborative and growth-oriented environment
We need you to have
A good understanding of the penetration testing and vulnerability management lifecycles, with an appreciation of testing techniques, the OWASP Top 10, and minimisation of risk
Ability to implement and manage a testing delivery programme, working independently and proactively with internal technical and managerial stakeholders, and third-party providers
Experience of testing IT infrastructure, web and mobile applications, networking components,
Excellent stakeholder management skills, with the ability to manage relationships with internal technical and managerial stakeholders, and third-party providers of technically accredited testing
Experience of analysing and translating output from penetration tests and red team exercises, with an ability to conduct risk assessments and communicate remediation requirements, acting as an SME on security incidents where required
Knowledge and experience of providing security guidance on vulnerabilities, best practice and expectations
Proven experience of building and managing a service improvement programme, including task allocation, management and tracking, supporting resource requirements, and budget management
It’s a bonus, but not essential, if you have
Experience of red and purple team exercises and a technical leadership role.
Knowledge of ethical hacking methodologies and industry standards and frameworks, such as NIST, CIS.
Exposure to automated/continuous pen testing capabilities and tools
To apply for this job please visit careers.virginmoney.com.