Penetration Tester

Company Description
**SGS is the world's leading inspection, verification, testing and certification company and recognized as the global benchmark for quality and integrity. With more than 96,000 employees, we operate a network of more than 2,700 offices and laboratories around the world.**

**Job Description**:
**Working as a key member of our global IT Security team, you will be responsible for conducting pen testing activities and vulnerability assessments. In addition, you will be involved in projects to develop our IT Security posture and play a role in the evolution of our IT Security infrastructure.**

**More specifically, you will**:

- Identify and define system and security requirements, baselines and controls for both the existing environment and new developments in IT infrastructure;
- Contribute in the preparation and documentation of Standard Operating Procedures in the IT security area such as Incident Handling, Problem Management and Forensics Investigations;
- Identify opportunities for, and promote automation and new technical solutions and security tools to help mitigate security vulnerabilities and improve efficiency;
- Participate in evaluation and selection of products and security solutions, set the security requirements and coordinate / run PoCs / project management;
- Coordinate and / or perform penetration tests, evaluate findings and drive mitigation;
- Coordinate and / or perform vulnerability assessments, evaluate findings and drive mitigation;
- Provide reports for assessment findings, product evaluations, propositions for further system security enhancement etc;
- Hunting for web specific vulnerabilities;
- Performing manual penetration test (blackbox / greybox);
- Support development teams with consultations on your findings;
- Cooperation and decision making across other penetration testing teams.

**Qualifications**:

- Educated to degree level in Information Technology, Computer Science, or a relevant discipline;
- 3 years plus experience of web penetration testing. You will be experienced with security frameworks such as OWASP, SANS, MITRE, OSSTMM;
- Basic understanding of web-app architectures, software development concepts, PortSwigger BurpSuite or equivalent software;
- Good understanding of HTTP protocol, Oauth, SSO, JWT, HTML, REST, JSON, WebServices, SOAP, XML and JavaScript debugging;
- Ethical Hacker Certified (CEH) required and OCSP Certification is a plus.

Additional Information
**This position will be based at our IT hub in Madrid. **We offer hybrid working