Penetration Tester, EMEIA IS&T
London, Greater London, United Kingdom
Corporate Functions
In a fast-evolving digital world, our team seeks a Security Penetration Tester to tackle emerging cyber threats. With us, you'll play a pivotal role in safeguarding Apple's Online Store, Apple Store App, flagship Retail locations, and vital backend customer and payment systems. You'll get to dive into cutting-edge technologies, collaborate with industry experts, and safeguard critical digital assets. Join us to turn your skills in code analysis, penetration testing, and security research into impactful results. If this sounds like a role for you, we would love to meet you!
Description
As a penetration tester, you can expect to do the following:
- To conduct manual penetration testing against web applications, APIs, cloud environments, infrastructure and mobile applications
- Communicate these findings in high-quality reports and presentations
- Provide mentorship to engineering teams and non-technical partners
- Develop scripts and tooling to augment penetration testing activities or demonstrate proof of concepts
- Source code review of large complex applications
- Perform other security tasks and responsibilities
Minimum Qualifications
- Passion for information security, particularly in penetration testing
- Knowledge of web application security
- Ability to read and understand source code (Java, JavaScript, Go etc), and find vulnerabilities in sophisticated code bases
- Ability to learn new skills, concepts and technologies
- Strong written and verbal communication skills, ability to communicate vulnerabilities to a variety of stakeholders
- Strong understanding of fundamental computing, database, networking and security concepts
Key Qualifications
Preferred Qualifications
- Bachelor's in Computer Science or equivalent
- Additional Requirements:
- OSCP or OSWE certification (nice to have)
- Experience with CTFs or hacking labs
- Proficiency in MacOS and other Unix based systems
- Ability to grasp large sophisticated systems and context-switch when needed
- Programming/scripting skills (Python, JavaScript, Go, etc)
- Knowledge of cloud architecture and security (nice to have)
- Publications, security research, bug bounties or CVEs are highly regarded