Penetration Tester: Digital Risk Manager/ Assistant Manager

Position summary

Are you passionate about leading a Cybersecurity Team and addressing cybersecurity challenges, associated with threats and vulnerabilities? Are you interested in a role that offers an opportunity to provide front line support to our clients spanning in multiple industries?  If yes, then Grant Thornton’s Cybersecurity team could be the place for you! Join our team of Digital Risk professionals to support cyber security and penetration testing engagements.

  Role description:

• As a Manager / Assistant Manager you will conduct technical security assessments and work on information security projects which require expertise in one or more of the following areas: Penetration Testing / Ethical Hacking, Vulnerability Assessments, Social Engineering and Red Teaming. You will identify and exploit technical vulnerabilities in real-world environments, assess business risks of the technical vulnerabilities and communicate to client personnel.
• As a leader and member of our team, you will participate in technical security assessments and work on information security projects and have the opportunity to develop your knowledge through your day-to-day professional activity as well as learning from more experienced colleagues.
• You will be leading a team of experts and manage client projects in an efficient and professional manner to maintain and exceed client expectations.
• Understand objectives for stakeholders, clients and Grant Thornton whilst aligning own performance to objectives and set personal priorities.
• Develop themselves by actively seeking opportunities for growth, shares knowledge and experiences with others, and acts as a strong brand ambassador.
• Seek opportunities to challenge themselves, collaborate with others to deliver and takes accountability for results.
• Build relationships and communicates effectively in order to positively influence peers and stakeholders.
• Work effectively in diverse teams within a highly inclusive team culture where everyone is supported, respected, and recognized for their contribution.
• These positions in the Penetration Testers Team require quick learning and the ability to work with new technologies, tools and techniques.

 Some typical projects in which you will be involved:

• Web application / API Penetration testing: trying to find vulnerabilities in web applications (i.e. Internet Banking, e-commerce websites, web portals etc.) and report them to clients. Trying to exploit these vulnerabilities in order to demonstrate their potential impact on the business.
• Internal network penetration testing - simulating a malicious person (visitor, temporary member of staff etc.) who already has access to the internal network of our client. Starting only from a simple network port access you will have to gain access to sensitive information from the client's internal network, gain Domain Admin access or reach other flags.
• Mobile application penetration testing: trying to find vulnerabilities in mobile applications (Android, iOS, Windows phone) and suggest corrective measures to improve their security.
• Social Engineering: trying to trick clients’ employees using various scenarios such as E-mail Phishing, Website Phishing, Smishing, Vishing, physical social engineering etc. The objective is to raise awareness
• Make demos and presentations to clients.
• Technical research and presenting our results to hacking conferences - local and international.

  Specific requirements:

• Minimum of 5 years’ experience working in a professional environment preferably as part of an operational security function (application testing, penetration testing, and/or red teaming).
• Since IT Security is a multidisciplinary field, we are looking for a person who has a broader understanding of technical concepts from one or more of the following areas: web applications, mobile applications, system administration, networking, software development.
• In order to understand the technical level that we need, here are a few keywords that you should be familiar with: OWASP Top 10, HTTP protocol, SSL, SQL, JavaScript, TCP/IP, DNS, Burp Suite, Wireshark, Nmap, Linux shell commands, Python, PowerShell, AD.
• Since we work with local and international clients, we are looking for a person capable of presenting and writing the reports in very good technical and business Greek and English (oral and written).

 Other requirements are:

• We are looking for practical experience in at least one of the following: security testing, web application testing, mobile app testing
• The ability to work effectively either individually or as a member of a multi-skilled team.
• Professional discipline, accuracy, reliability and excellent analytical skills;
• Strong interpersonal skills, team spirit, resilience, flexibility, adaptability and self-motivation.
• A Bachelor’s degree in Computer Science, Computer Engineering, Cybersecurity, Computer Forensics
• A professional certification (such as OSCP, OSCE, CEH, LPT, CCNA, CompTIA Security+ etc.) would be an advantage.

Benefits

What will we offer to you

• Friendly and dynamic working environment, in which you can develop your skills and competencies;
• A workplace with a strong focus on values, work-life balance and the joint aim to provide the best possible solutions for our clients;
• International exposure through our Grant Thornton network (GTIL) and global opportunities. You will have the chance to work on international engagements with colleagues from other member firms. 
• A learning & development path, which focuses on both technical & soft skills. You will also have access to coaching and mentoring;
• Your professional and personal success is our commitment.

Other benefits to support you in every way possible

• Competitive remuneration and benefits package, including recognition schemes and 13^th salary
• Overtime / Bonus scheme
• Medical insurance
• Provident fund
• Paid maternity and paternity leave
• Parental leave allowance
• "Be there for our family paid leave" scheme
• "Giving back to the community paid time off" scheme
• "Flexible Working Arrangements" scheme
• "Dress For Your Diary" scheme
• Afternoon off on Fridays
• Four-day long weekends in August (all Fridays free)
• “We never miss a public holiday” scheme
• Sponsorship of yearly professional subscriptions
• Several opportunities for professional and personal growth through the Grant Thornton network. Our Firm also has representatives participating in every global initiative from GTIL;

What you will you need to do next?

If you believe that Grant Thornton is the right place for you, you have the right attitude, skills, aspiration for success and share our CLEARR values we invite you to submit your application.

Through our fair, transparent and consistent resourcing procedures, we are committed to ensure that the candidate experience for all applicants is of the highest professional standards.