Penetration Tester

Company Description
**We are SGS - the world’s leading testing, inspection and certification company. We are recognized as the global benchmark for sustainability, quality and integrity. Our 97,000 employees operate a network of 2,650 offices and laboratories, working together to enable a better, safer and more interconnected world.**

**Job Description**:
**Working as a key member of our global IT Security team, you will be responsible for conducting pen testing activities and vulnerability assessments. In addition, you will be involved in projects to develop our IT Security posture and play a role in the evolution of our IT Security infrastructure.**

**More specifically, you will**:

- Identify and define system and security requirements, baselines and controls for both the existing environment and new developments in IT infrastructure;
- Contribute in the preparation and documentation of Standard Operating Procedures in the IT security area such as Incident Handling, Problem Management and Forensics Investigations;
- Identify opportunities for, and promote automation and new technical solutions and security tools to help mitigate security vulnerabilities and improve efficiency;
- Participate in evaluation and selection of products and security solutions, set the security requirements and coordinate / run PoCs / project management;
- Coordinate and / or perform penetration tests, evaluate findings and drive mitigation;
- Coordinate and / or perform vulnerability assessments, evaluate findings and drive mitigation;
- Provide reports for assessment findings, product evaluations, propositions for further system security enhancement etc;
- Hunting for web specific vulnerabilities;
- Performing manual penetration test (blackbox / greybox);
- Support development teams with consultations on your findings;
- Cooperation and decision making across other penetration testing teams.

**Qualifications**:

- Educated to degree level in Information Technology, Computer Science, or a relevant discipline;
- 3 years plus experience of web penetration testing. You will be experienced with security frameworks such as OWASP, SANS, MITRE, OSSTMM;
- Basic understanding of web-app architectures, software development concepts, PortSwigger BurpSuite or equivalent software;
- Good understanding of HTTP protocol, Oauth, SSO, JWT, HTML, REST, JSON, WebServices, SOAP, XML and JavaScript debugging;
- Ethical Hacker Certified (CEH) required and OCSP Certification is a plus.

Additional Information
- ** This position will be based at our IT hub in Madrid. **We offer hybrid working**

A career at SGS enables you to collaborate in an open, friendly and supportive culture that thrives on teamwork, and flourish in an environment where people respect and help each other to grow and succeed. Expand and enrich your career through endless opportunities to learn, grow your expertise and fulfill your potential.