Penetration Tester

About the Company

American Express is a globally integrated payments company, providing customers with access to products, insights, and experiences that enrich lives and build business success. We are a leader in financial services, offering a diverse range of products including credit cards, charge cards, and travel-related services worldwide. Our commitment to innovation, customer service, and security is paramount, and we continually invest in cutting-edge technology and talent to protect our digital assets and customer data.

Job Description

We are seeking a skilled and proactive Penetration Tester to join our dynamic cybersecurity team in Brighton. In this critical role, you will be responsible for identifying vulnerabilities in our applications, systems, and networks, simulating real-world attacks, and providing actionable recommendations to enhance our security posture. This position offers a unique opportunity to work with advanced security technologies within a large, complex enterprise environment, contributing directly to the safety and integrity of our global financial operations. If you are passionate about cybersecurity, enjoy challenging conventional thinking, and possess a strong ethical hacking mindset, we encourage you to apply.

Key Responsibilities

• Conduct comprehensive penetration tests on web applications, mobile applications, APIs, network infrastructure, and cloud environments.
• Perform vulnerability assessments, threat modeling, and security reviews across various platforms.
• Identify, document, and prioritize security vulnerabilities and misconfigurations.
• Develop and execute test plans, scripts, and tools to discover security flaws.
• Provide clear, concise, and actionable recommendations to development and operations teams for remediation.
• Collaborate with security architects, developers, and system administrators to implement security best practices.
• Stay current with the latest cybersecurity threats, attack techniques, and industry best practices.
• Participate in the continuous improvement of our security testing methodologies and tools.
• Prepare detailed reports on findings, including technical explanations and strategic recommendations.

Required Skills

• Proven experience in conducting penetration tests and vulnerability assessments.
• Strong understanding of network protocols, operating systems (Windows, Linux), and web technologies.
• Proficiency with penetration testing tools such as Burp Suite, Nmap, Metasploit, Nessus, Wireshark, etc.
• Familiarity with common web application vulnerabilities (OWASP Top 10) and remediation techniques.
• Knowledge of scripting languages (e.g., Python, PowerShell, Bash) for automation and exploit development.
• Excellent analytical and problem-solving skills.
• Strong written and verbal communication skills, with the ability to explain complex technical issues to non-technical stakeholders.
• Understanding of security frameworks and compliance standards (e.g., PCI DSS, ISO 27001, NIST).

Preferred Qualifications

• Relevant security certifications (e.g., OSCP, CEH, GPEN, GWAPT).
• Experience with cloud security (AWS, Azure, GCP) penetration testing.
• Familiarity with secure development lifecycles (SDLC) and DevSecOps practices.
• Experience with static and dynamic application security testing (SAST/DAST) tools.
• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field.

Perks & Benefits

• Competitive salary and performance-based bonuses.
• Comprehensive health and wellness benefits package.
• Generous paid time off and flexible working arrangements.
• Pension scheme with company contributions.
• Access to ongoing professional development, training, and certification programs.
• Employee stock purchase plan.
• On-site gym and wellness facilities.
• Modern, collaborative office environment in a vibrant city.
• Employee assistance program for personal and professional support.

Apply Now