Senior Penetration Tester at Bupa
Melbourne, Victoria, Australia - Full Time


Start Date

Immediate

Expiry Date

06 Oct, 25

Salary

0.0

Posted On

06 Jul, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Penetration Testing, Professional Services, Training, AWS, Information Technology, GPEN, Vendors, Travel, GWAPT, Health Insurance, Azure, Technology, Security Testing, Security, Ethical Hacking, Nutrition

Industry

Information Technology/IT

Description

PERMANENT OPPORTUNITY

At Bupa, we’re committed to protecting the value we create by delivering innovative, secure, and scalable solutions for the future of healthcare. We are looking to hire a Senior Penetration Tester who plays a critical role in identifying, assessing, and mitigating security vulnerabilities within Bupa applications, networks, and IT systems. They conduct simulated attacks to evaluate the effectiveness of security measures, ensure that systems are resilient against real-world threats, and validate the exploitability of identified vulnerabilities.

QUALIFICATIONS, TRAINING AND EXPERIENCE

  • 15+ years of experience in Information Technology, minimum 10 years’ experience in Security
  • 10 years of pentesting experience

Certifications:
  • Certified Ethical Hacker (CEH): Industry-standard certification focused on ethical hacking and penetration testing techniques.
  • Offensive Security Certified Professional (OSCP): Highly regarded certification for penetration testers, demonstrating practical skills in offensive security.
  • GIAC Penetration Tester (GPEN): A certification focused on penetration testing and ethical hacking methodologies.
  • Certified Cloud Security Professional (CCSP): Relevant if working with cloud environments (AWS, Azure, GCP).

Additional Certifications (Optional but Beneficial):
  • CREST Registered Penetration Tester (CRT): A certification specifically for penetration testers, focusing on best practices.
  • SANS GPEN or GWAPT: For deeper knowledge in web application penetration testing.
  • Certified Red Team Professional (CRTP): Focuses on advanced tactics used by attackers and security testing.

Experience:
  • Vendor and partner management experience, including professional services and technology vendors.

Responsibilities
  • Perform thorough penetration testing on Bupa’s applications, networks, and IT systems to identify security weaknesses, and identify and exploit vulnerabilities in both internal and external systems.
  • Conduct assessments on web applications, mobile applications, network infrastructures, cloud environments, and endpoints.
  • Simulate real-world cyberattacks to evaluate the security posture of Bupa’s systems and applications.
  • Safely exploit vulnerabilities to demonstrate the potential impact and exploitability of identified security weaknesses.
  • Provide a risk analysis of identified vulnerabilities based on severity, exploitability, and potential business impact.
  • Prioritise findings based on risk and collaborate with technical teams to address the most critical issues first.
  • Document and report all findings, including vulnerabilities, exploits, and recommendations for remediation.
  • Deliver executive-level summaries to communicate the potential business impact of security risks.
  • Work closely with development, security, and IT teams to ensure vulnerabilities are remediated effectively and in a timely manner.
  • Provide guidance and support for the implementation of security best practices within development processes and system configurations.
  • Participate in security incident response for pipeline and application-level security events, performing root cause analysis and implementing long-term remediation.
  • Ensure all testing activities comply with organizational security policies, legal requirements, and industry standards (e.g., CREST, OWASP, NIST, GDPR).