As a Senior Security Penetration Tester, you will be responsible for supporting the design, implementation, and maintenance of TVM (Threat & Vulnerability Management) solutions, controls and processes across the organisation. You will be liaising with Digital teams to ensure appropriate mitigation and remediation of vulnerabilities detected across our IT estate.
This role requires an understanding of TVM concepts, technologies, and best practices, as well as the ability to collaborate effectively with cross-functional teams. The ideal candidate will possess strong communication and will be committed to ensuring the highest level of security, compliance, and user experience.

WORKING AT THAMES WATER

Thames Water is a unique, rewarding and diverse place to work, where every day you can make a difference, yet no day is the same. As part of our family, you’ll enjoy fast-tracked career opportunities, flexible working arrangements and excellent benefits.
Whether you’re interested in a role in one of our call centres or science labs, we’re looking for people like you with real passion and a burning desire to make things better.
So, if you’re looking for a sustainable and successful career where you can make a daily difference to millions of people’s lives while helping to protect the world of water for future generations, we’ll be here to support you every step of the way. Together, we can build a better future for our customers, our region and our planet.
Real purpose, real support, real opportunities. Come and join the Thames Water family. Why choose us? Learn more.
Our overarching aim is to ensure that Thames Water is a great, diverse and inclusive place to work. We welcome applications from everyone and offer extra support for those who need it throughout the recruitment process. Our aim is to remove any real or perceived barriers to success, so if you need assistance, we’re here to help and support.
When a crisis happens, we all rally around to support our customers. As part of Team Thames, you’ll have the opportunity to sign up to support our customers on the frontline as an ambassador. Full training will be given for what is undoubtedly an incredibly rewarding experience. It’s also a great opportunity to learn more about our business, meet colleagues and earn some extra money along the way.

WHAT YOU’LL BE DOING AS A SENIOR SECURITY PENETRATION TESTER

• Help support and develop an internal penetration testing function.
• Conduct network, application penetration testing, code and security reviews.
• Identify and exploit vulnerabilities through proof-of-concept testing.
• Support vulnerability management across the enterprise, ensuring that a framework for identification, categorisation and mitigation exists and is implemented and maintained.
• Responsible for supporting the creation of the operating model for vulnerability management, that it is shared, agreed and operates effectively across the business.
• Develop and maintain penetration testing documentation, policies, and procedures.
• Integrate cyber security solutions (e.g. vulnerability scanning tools) with existing systems, applications, and infrastructure.
• Evaluate and recommend technologies, tools, and vendors to meet business needs.
• Investigate newly identified cyber security vulnerabilities and provide appropriate mitigation actions.
• Liaise and coordinate with technology and business stakeholders in relation to cyber security patching and vulnerability management issues/actions.
• Maintain a cyber threat assessment methodology, align to evolving industry standards and integrate into BAU and project-based business processes.
• Support with proactive threat hunting for new and emerging cyber threats.
• Develop and maintain dashboards with cyber security threat and vulnerability metrics.
• Support compliance with relevant industry standards, regulations, and best practices, such as GDPR, NIS and ISO 27001.

WHAT YOU SHOULD BRING TO THE ROLE

• Strong knowledge of manual penetration testing techniques and confident with operating systems and tools such as Tenable, Burp Suite, Kalli Linux.
• Exposure to remediating vulnerabilities and patch management in a complex business environment.
• Experience in remediating cyber risks in the ever-changing digital estate.
• 3 years of experience in a penetration testing enterprise environment.
• Prepare detailed reports and the ability to present findings to key stakeholders.
• Cyber security industry certification(s) such as CSTM/ CRT/ OSCP/CTL.
• Understanding of different patching management techniques and approaches for different technology stacks (e.g. SaaS, IaaS, End-User Computing, Server Estate, etc.).
• Knowledge of TVM concepts, technologies, and best practices, including OSINT tools, vulnerability assessment, threat modelling, etc.