Job Description
Key responsibilities:
Lead penetration testing and red teaming for systems under the CISO’s remit, covering both corporate systems and internal product teams.
Plan and execute tests for:
Web, cloud, network and API applications,
Cloud workloads (e.g. government cloud platforms, containerised workloads, CI/CD paths),
Data platforms (e.g. data lakes / lakehouses and large-scale analytics platforms),
Enterprise / internal platforms (e.g. identity, collaboration, and developer tooling, as well as other approved SaaS).
Identify and validate end-to-end attack paths across identity, endpoints, networks, data platforms and SaaS integrations; document realistic threat scenarios and impact.
Manage PT engagements with external vendors / programmes (including GBBP or similar):
Define rules of engagement and scope,
Prepare environments and access,
Review reports for depth and quality and consolidate findings for product owners.
Produce...