Penetration Tester

**The Role**:
**Where you fit in**

You will be a core player in IRM Function is to ensure that Shell is addressing Information Risks in an effective and efficient manner, commensurate with Shell risk appetite, and being seen as an industry leader among peers and key suppliers of security services.

The Information Risk posture of Shell includes a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, loss of Most Confidential bidding data. The IRM Function defines requirements for the assessment of Information Risks, defines the selection of mandated IT Controls, and defines and executes assessments of the design and operational effectiveness of these controls. The function organises communication campaigns to impact the behaviour of business and IT staff where it relates to Information Risks. In addition to these preventative measures, the IRM Function includes a Cyber Resilience function to understand the cyber threat landscape and the vulnerabilities to cyberattacks in IT systems and services, to detect malicious behaviour and to respond to incidents.

Organisationally, the IRM Function reports to the Group CIO. The IRM Function consists of a central team with the Strategy, Learning, Risk and Transformation teams. The IRM Function in the IT Operations Organisation (ITSO) consists of the Detect and Respond Teams and there are business specific teams in each Business and in Global Functions IT. Given the Cyber threat landscape and its development, it is critical that the IRM Function collaborates closely with suppliers and industry peers and collaborates effectively with government agencies in key countries that Shell operates in.

**What’s the role**

As businesses leverage digitalization opportunities, their cyber-attack surface structurally increases, which can lead to business disruptions, data breaches and brand damage. High profile industry incidents show that these risks are real, and this has turned cyber resilience into a topic for Boards.

Furthermore, you are accountable for the following:

- Cyber-attacks can cause damage to reputations, destruction of assets and loss of information. Shell is taking action to detect and respond to the continuous flow of these types of attacks.
- As part of the Information Risk Management function, the CyberDefence capability has specific focus on identifying cyber threats, discovery of IT vulnerabilities, monitoring for cyber intrusions and response to security incidents
- Support the Pen test Lead in planning penetration tests based on new IT developments and hypothetical threat scenarios and find appropriate budget and sponsors.
- Where necessary to help find additional expertise necessary to execute the tests.
- Report on findings, fixing high risk vulnerabilities as soon as possible and registering other vulnerabilities for later risk prioritization and remediation where required
- Operate periodic vulnerability scanning tools and services such as Nexpose, and others
- Support the pen test Lead in consolidating the vulnerability scanning tools where possible.
- Integrate reporting with other CyberDefence data in IRM workflow system (Collective) and data analytics solution (IRM investigation platform)
- Creating monthly report, sharing the report with required stakeholders
- Creating projects in reporting tool and giving access to required pen testers

**What we need from you**

Along with an appreciation of the commercial landscape, we’d also hope to see some of the following on your CV:

- 5-8 years of total experience with basic training in pen testing
- Bachelor’s Degree in related fields
- Excellent communication skills (verbal & written)
- Coordination skills
- A confident and passionate accessibility advocate but down to earth, humble, and personable
- Collaborative, inquisitive, pragmatic, and adaptive
- Having an experience in tools such as NMAP, Nexpose is an advantage
- Certified Ethical Hacker is highly preferred
**Translated Company Description

**COMPANY DESCRIPTION**

**An innovative place to work**

There’s never been a more exciting time to work at Shell. Everyone here is helping solve one of the biggest challenges facing the world today: bringing the benefits of energy to everyone on the planet whilst managing the risks of climate change.

Join us, and you’ll add your talent and imagination to a business with the power to shape the future - whether by investing in renewables, exploring new ways to store energy or developing technology that helps the world to use energy more efficiently.

**An inclusive place to work**

To power progress together, we need to attract and develop the brightest minds and make sure every voice is heard. Here are just some of the ways we’re nurturing an inclusive environment - one where you can express your ideas, extend your skills and reach your potential.

We’re creating a space where people with disabilities can excel throug