Digital Solutions - Lead InfoSec Consultant
Who we are:
There has never been a more exciting time to join the Digital Solutions business unit at CACI LTD. CACI help clients transform their businesses using data and technology so that they are ready for the challenges of today and tomorrow.
Essential Duties and Responsibilities:
As a Lead InfoSec Consultant, you'll take the lead in executing advanced penetration tests and vulnerability assessments across a diverse portfolio of applications. This is a hands-on, technical role where you’ll actively identify, exploit, and help remediate security weaknesses in web, mobile, and cloud-based applications. You'll be at the forefront of defending against cyber threats by implementing cutting-edge security tools, collaborating with development teams to integrate security into the SDLC, and playing a critical role in protecting the organisation's digital assets. The successful candidate will play a hands-on role in testing the security of applications, networks, and systems, while ensuring that security standards are integrated into the development process.
Key Responsibilities:
Penetration Testing & Vulnerability Assessment:
- Conduct and oversee regular penetration tests and vulnerability assessments on applications, networks, systems, and infrastructures.
- Identify, exploit, and document vulnerabilities, including demonstrating the business impact of potential exploits.
- Analyse and prioritise vulnerabilities based on risk and provide detailed technical reports with recommended remediation steps for developers and system administrators.
- Keep up to date with the latest security vulnerabilities, exploits, and attack methodologies to ensure effective penetration testing.
Security Risk Management:
- Develop and manage the organisation’s vulnerability management program, ensuring compliance with internal policies and industry regulations.
- Identify security weaknesses and work with stakeholders to develop mitigation strategies.
- Conduct regular security risk assessments and develop action plans to improve the organisation’s security posture.
Team Leadership & Collaboration:
- Lead a small team of security analysts and engineers focused on vulnerability management and penetration testing.
- Work closely with IT, development, and business teams to ensure security best practices are integrated into daily operations and development lifecycles.
- Mentor and train team members and junior staff on security best practices.
Incident Response & Investigation:
- Assist in incident detection, response, and investigation when vulnerabilities are exploited or identified in real-time.
- Work with relevant teams to contain and mitigate security breaches, ensuring minimal impact on the business.
- Develop post-incident reports, including root cause analysis and remediation strategies.
Security Strategy & Improvement:
- Stay up-to-date on the latest security trends, tools, techniques, and frameworks.
- Continuously evaluate and improve the organisation’s security policies, standards, and practices.
- Recommend and implement new technologies or processes to strengthen overall security defences.
Technologies and Soft Skills required:
- Advanced technical knowledge of penetration testing techniques, security assessments, and vulnerability exploitation.
- Expertise in security testing tools (such as Burp Suite, Metasploit, Nmap, OWASP ZAP, etc.), as well as manual testing methods.
- Strong understanding of common application security vulnerabilities (such as SQL injection, XSS, CSRF, insecure deserialization, etc.) and OWASP Top 10.
- Proficiency in using and configuring vulnerability scanners (Nessus, Qualys, or similar) and interpreting their results.
- Familiarity with cloud security testing and testing applications hosted on platforms like AWS, Azure, or Google Cloud.
- Understanding of DevSecOps practices and experience integrating security testing into CI/CD pipelines.
Experience:
- Minimum of 5-7 years of experience in information security, with at least 3 years focusing on penetration testing, vulnerability assessment, and application security.
- Proven track record of executing penetration tests and exploiting vulnerabilities in complex systems and applications.
-
- Experience with vulnerability scanning tools (e.g., Nessus, Qualys, OpenVAS) and penetration testing tools (e.g., Metasploit, Burp Suite, Kali Linux).
- Familiarity with common security frameworks and compliance requirements (e.g., NIST, ISO 27001, GDPR, PCI-DSS)
- Relevant certifications (e.g., CEH, OSCP, CISSP, CISM, GIAC) are strongly preferred.
Other details
- Pay Type Salary
- Job Start Date 02 December 2024
- Kensington, London, UK