To stay informed about new openings: Join our talent community
Finance Business Partner- Retirement, North America
Finance Business Partner- Retirement, North America
JOB SNAPSHOT
Penetration Tester (UK Shift)
Manila, PH
The Role
A penetration tester is responsible for assessing the security of web applications and its underlying infrastructure to identify vulnerabilities and weaknesses that could be exploited by attackers. Their role involves conducting thorough assessments and penetration tests to uncover potential security risks and provide recommendations for mitigation.
The role will work closely alongside the rest of the Penetration Testing team, Business units and other Cyber team.
We are looking for a collaborative team player, with a good technical knowledge in web application and infrastructure penetration testing. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business.
Responsibility:
- Vulnerability Assessment: Conducting comprehensive assessments of web applications and Infrastructure to identify security vulnerabilities, such as cross-site scripting (XSS), SQL injection, authentication flaws, insecure configurations, poor host device and service configurations, and use these to penetrate deeper into the application/server.
- Penetration Testing: Performing controlled attacks on web applications. APIs, infrastructure, and simulate real-world hacking attempts and identify potential entry points for attackers. This involves utilizing various techniques, tools, and methodologies to exploit vulnerabilities and gain access.
- Security Analysis: Analyzing the results of penetration tests to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.
- Reporting and Documentation: Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation. These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.
- Remediation Support: Collaborating with developers and system administrators to assist in the remediation of identified vulnerabilities. This may involve providing guidance on secure coding practices, recommending security controls, or validating the effectiveness of implemented fixes.
- Stay Up to Date: Keeping abreast of the latest web application and infrastructure vulnerabilities, attack techniques, security tools, and industry best practices. This includes staying informed about emerging threats and trends in web applications and infrastructure.
- Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organization’s systems and data are not compromised or harmed during the process.
- Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in cyber security.
The Requirements
Minimum Criteria:
- Education: A bachelor’s degree in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory. Relevant industry experience can compensate for formal education requirements.
- Technical Knowledge: A strong understanding of web technologies, programming languages (e.g., HTML, CSS, JavaScript, PHP, Python), and web application architecture is essential. Knowledge of networking fundamentals, operating systems, and databases is also beneficial.
Skills:
- Web Application Security: In-depth knowledge of web application vulnerabilities, common attack techniques, and mitigation strategies. Strong understanding of OWASP Top 10 vulnerabilities is crucial.
- Infrastructure security: Working knowledge of different on-prem and cloud builds (IaaS, PaaS, SaaS), in-depth understanding of operating system and its common flaws.
- Penetration Testing Techniques: Proficiency in various penetration testing methodologies, tools, and frameworks. Experience with manual testing techniques, automated vulnerability scanners, and exploit frameworks is necessary.
- Programming and Scripting: Proficiency in at least one programming language (e.g., Python, Ruby, or JavaScript, etc.) to write custom scripts and tools. Understanding SQL queries for database testing is also important.
- Analytical and Problem-Solving Skills: Ability to analyze complex web application environments, identify vulnerabilities, and exploit them. Strong problem-solving skills to understand attack vectors and recommend appropriate countermeasures.
Holds relevant industry certification/s or equivalent like the following:
- CEH – Certified Ethical Hacker
- OSCP – Offensive Security Certified Professional
- GPEN – GIAC Penetration Tester
- PNPT – Practical Network Penetration Tester
- Burp Suite Certified Practitioner
- eWAPT/eWAPTx – eLearning Web Application Penetration Tester
Practical experience gained through participation in bug bounty programs, capture-the-flag (CTF) competitions, and real-world projects can also be valuable in showcasing skills and expertise.
Equal Opportunity Employer
UNSOLICITEDCONTACT
Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Willis Towers Watson are considered property of Willis Towers Watson and are not subject to payment of agency fees. In order to be an authorized Recruitment Agency/Search Firm for Willis Towers Watson, any such agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization. Resumes must be submitted according to our candidate submission process, which includes being actively engaged on the particular search. Likewise, for our authorized Recruitment Agencies/Search Firms, if the candidate submission process is not followed, no agency fees will be paid by Willis Towers Watson. Willis Towers Watson is an equal opportunity employer. If you would like to have your contact information saved for future consideration, please email: Agency.inquiries@willistowerswatson.com.
OUR OFFICES
Our colleagues serve more than 140 countries and markets around the world. This gives a global dimension to everything we do and creates lots of exciting opportunities for you to collaborate and grow. Explore the map below to see where you career could take you.
Meet our people
Massimiliano Abri
Burn Domingo
Theodore Coteok
Karuna Jose
Ana Cristessa Nabuab
Nichelle Daulby
Roberta Jones
Shadab Hemani
Donna O'Riordan
Mitch Dauz
Kerstin Plag
Anna Stonelake
Elise Hunt
Mathew Stewart
Ritu Batheja
Matice Morris
Catarina Carvalho
Soumya Kurup
Leonardo Araujo
Karan Patel
Poonam Yadav
Tom Leigh-Eldredge
Karan Rai
Felipe Pradel
Michael McConnell
Mel Scrutton
Irene Larbi
Kingsley Wang
Charlie (Charlotte) Garrod
Laura Punzón
Nick Alexander
Benjamin Tessier
Paul Dowding
Pei Wang
Emma White
Basil Al Hatoum
Jasmin Bedi
Anshul Garg
Emily Reading
Dominic Ferrari
Suzanne Vaughan
Nuno Arruda
Salmaan Saeed
Massimiliano Abri
Burn Domingo
Theodore Coteok
Karuna Jose
Ana Cristessa Nabuab
Nichelle Daulby
Roberta Jones
Shadab Hemani
Donna O'Riordan
Mitch Dauz
Kerstin Plag
Anna Stonelake
Elise Hunt
Mathew Stewart
Ritu Batheja
Matice Morris
Catarina Carvalho
Soumya Kurup
Leonardo Araujo
Karan Patel
Poonam Yadav
Tom Leigh-Eldredge
Karan Rai
Felipe Pradel
Michael McConnell
Mel Scrutton
Irene Larbi
Kingsley Wang
Charlie (Charlotte) Garrod
Laura Punzón
Nick Alexander
Benjamin Tessier
Paul Dowding
Pei Wang
Emma White
Basil Al Hatoum
Jasmin Bedi
Anshul Garg
Emily Reading
Dominic Ferrari
Suzanne Vaughan
Nuno Arruda
EVENTS
Posse Annual Virtual Career Fair
July 24 @ 3:00 pm - 6:00 pmPosse Annual Virtual Career Fair
July 24 @ 3:00 pm - 6:00 pmOLA Early Career Symposium
August 4 @ 9:00 am - August 5 @ 5:00 pmOLA Early Career Symposium
August 4 @ 9:00 am - August 5 @ 5:00 pmUniversity of Toronto's Actuarial Career Fair 2024 (Virtual)
August 28 @ 10:00 am - 12:00 pmUniversity of Toronto's Actuarial Career Fair 2024 (Virtual)
August 28 @ 10:00 am - 12:00 pmJOURNÉE CARRIÈRE ACTUARIAT
September 11 @ 11:00 am - 2:00 pmJOURNÉE CARRIÈRE ACTUARIAT
September 11 @ 11:00 am - 2:00 pmUniversity of Toronto's Actuarial Career Fair 2024 (In-person)
September 13 @ 1:30 pm - 3:30 pmUniversity of Toronto's Actuarial Career Fair 2024 (In-person)
September 13 @ 1:30 pm - 3:30 pmPosse Annual Virtual Career Fair
July 24 @ 3:00 pm - 6:00 pmPosse Annual Virtual Career Fair
July 24 @ 3:00 pm - 6:00 pmOLA Early Career Symposium
August 4 @ 9:00 am - August 5 @ 5:00 pmOLA Early Career Symposium
August 4 @ 9:00 am - August 5 @ 5:00 pmUniversity of Toronto's Actuarial Career Fair 2024 (Virtual)
August 28 @ 10:00 am - 12:00 pmUniversity of Toronto's Actuarial Career Fair 2024 (Virtual)
August 28 @ 10:00 am - 12:00 pmJOURNÉE CARRIÈRE ACTUARIAT
September 11 @ 11:00 am - 2:00 pmJOURNÉE CARRIÈRE ACTUARIAT
September 11 @ 11:00 am - 2:00 pmUniversity of Toronto's Actuarial Career Fair 2024 (In-person)
September 13 @ 1:30 pm - 3:30 pmUniversity of Toronto's Actuarial Career Fair 2024 (In-person)
September 13 @ 1:30 pm - 3:30 pmThere are no upcoming events at this time.