This website uses cookies to ensure you get the best experience. Learn more
Willis Towers Watson

Penetration Tester/Ethical Hacker

The Role
Willis Towers Watson Information Security requires a Web Application Penetration Tester reporting into the Penetration testing Assurance Manager.

The candidate will need to work working in partnership with multiple development and delivery teams to support all facets of the activities that underpin pen-testing and support remediation.

Responsibilities:
  • Perform manual penetration testing on web services, web, mobile and desktop applications
  • Support the Pen-testing lead to co-ordinate and execute both internal and external high risk and sensitive application and systems to scope and deadline.
  • Maintain a register of applications requiring annual penetration tests.
  • Provide assistance ensuring penetration testing pre-requisites are in place (e.g. the creation of application accounts and whitelisting of IP addresses).
  • Produce report of application pentest to determine severity of findings and to ensure proper remediation/ risk management is applied.
  • Track identified vulnerabilities through to remediation, mitigation or risk acceptance.
  • Provide 1st line support to development teams on the methods available to address vulnerabilities.
  • Provide accurate and timely reporting of findings and with recommended counter measures or mitigating controls to reduce risk to an acceptable and manageable level
  • Produce data to support MI reports pertaining but not limited to the vulnerabilities identified in application security testing.
  • May also be needed to develop and automate, where needed, scripts, tools and resources required to support the web application pen test service offering.

The Requirements 
Experience:
  • Degree or equivalent in Computer Science/ Engineering or a related field (desirable)
  • Practical knowledge of application security standards and compliance (e.g., OWASP, Sarbanes-Oxley act, HIPAA)
  • Knowledge of current application web and network vulnerabilities including those listed in OWASP Top 10 and SANS Top 25.
  • Strong understanding of cryptographic concepts and applied cryptography (SSL, AES etc.)
  • Competence in one or more scripting language. E.g. Perl, Python, Shell Scripting etc.
  • Competence in one or more high level programming languages like Java, C, C++, Ruby etc.
  • Knowledge of exploit development, vulnerability research/reporting or writing system modules in C & C++, a major advantage and added bonus.
  • Knowledge of web application technologies and layer 7 protocols like HTTP, DHCP, DNS, FTP etc.
  • Familiarity with security tools & frameworks like BurpSuite Pro, Metasploit, Kali, Canvas etc
  • Actively involved in security research around new and emerging technologies.
Desirable Core Skills
  • Effective Influencing communications style with experience of communicating at all levels.
  • Self-motivator and strong analytical thinker who is able to factor in costs, benefits, risks before recommending a solution.
  • Strong problem solving skills, using a variety of approaches and techniques to lead successful resolution for critical or wide-impact problems.
  • Ability to simplifying complex technical concepts for all levels of audience.
  • Ability to develop effective working relationships within a matrix organisation.
  • Produces audience appropriate and articulately written business and industry specific technical language communications.
The Company

Willis Towers Watson is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas "EUR" the dynamic formula that drives business performance. Together, we unlock potential. Learn more at willistowerswatson.com.
Willis Towers Watson is an equal opportunity employer
Willis Towers Watson believes that effectively managing a diverse workforce is vital to our business strategy. We have an obligation to our organization, ourselves and our clients to hire and develop the best people we can find. We will continually review our policies and practices to ensure that all areas of the employment process (including recruiting, hiring, work assignments, compensation, benefits, promotions, transfers, company-sponsored development programs and overall workplace experience) are free from discriminatory practices. We are committed to equal employment opportunities at Willis Towers Watson.
Unsolicited Contact: Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Willis Towers Watson are considered property of Willis Towers Watson and are not subject to payment of agency fees. In order to be an authorized Recruitment Agency/Search Firm for Willis Towers Watson, any such agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization. Resumes must be submitted according to our candidate submission process, which includes being actively engaged on the particular search. Likewise, for our authorized Recruitment Agencies/Search Firms, if the candidate submission process is not followed, no agency fees will be paid by Willis Towers Watson. Willis Towers Watson is an equal opportunity employer.

Apply Now

Share this