Security Engineer and Pen Tester
makes the freedom of flight possible by designing, manufacturing and supporting the world’s best aircraft. Its people around the globe are united by a passion for aviation, as well as their desire to create better, more efficient ways for airlines and passengers to fly.
The Security Engineer and Pen Tester role requires the responsible person to have a solid base of practical experience in security, including use of common penetration testing tools (e.g. NMAP, Nessus, Wireshark), and also experience in system engineering on large projects. The role encompasses a number of differing tasks, including:
1. Management of the issues arising from external penetration testing, auditing and ITHC activities.
2. Interfacing with engineering and deployment teams to identify penetration test mitigations and overseeing their deployment to the operational environment.
3. Security testing of the production and validation environments to assure deployment of mitigations.
4. Liaison with external testing companies to procure validation tests.
5. Definition of lockdowns and specification of validation for lockdown.
6. Security guidance to the other engineering groups and subcontractors.
7. Technical assessment of vulnerabilities and their impacts (application, system, operational), then consultation on resolution.
8. Support to verification, including definition and execution of test procedures.
9. Activities as directed by the Security Manager.
1. Trustworthy, and acts in a trustworthy manner in all interactions with customers, colleagues and suppliers.
2. Committed to personally following good security practice to provide an example to others in the team.
3. Driven to improve security but not dogmatic.
4. Persistent and resilient.
Essential Skills / Qualifications:
1. Technology: Linux Bash, Nessus, Wireshark, NMAP.
2. At least 3 years in a dedicated security role.
3. At least 3 years on a large government, or similar scale project.
4. At least one of the following security credentials: CEH, CISSP, CSSLP, CCP (IA Architect), GICSP, CCNA Security, GSE, GCIA, GREM, GCIH, GNET or equivalent.
1. Experience in working within a SOC (Security Operations Centre).
2. Kali Linux
3. Experience in large engineering teams working on the implementation of new large systems.
4. An understanding of network attack methodologies, or understanding and experience of both the Windows and UNIX based operating system and application environments.
5. Compliance/Audit experience.
6. Deployment of SIEM tools and SOC development.
7. Experience of large system engineering, including requirements management and baseline management using CASE tools (e.g. IBM DOORS).
8. Hold Qualification in either CLAS or CCP at the SIRA (Security a