Penetration Tester

Make an impact with NTT DATA

Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA

The Penetration Tester is a seasoned subject matter expert, responsible for assessing and evaluating the security posture of the company's information systems, networks, applications and infrastructure.

This role involves conducting rigorous penetration testing and ethical hacking activities to identify vulnerabilities and potential weaknesses for exploitation.

The Penetration Tester collaborates with cross functional teams and provides strategic security recommendations and assists in strengthening the company's overall cybersecurity defenses.

Key responsibilities:

• Plans, executes and manages complex penetration testing engagements on various IT assets, including networks, applications and databases.
• Conducts simulated cyber-attacks, including social engineering, to identify vulnerabilities and assesses the organization's resilience to cyber threats.
• Performs penetration tests against internal and external facing systems.
• Analyses and interprets penetration test results and provides detailed reports to relevant stakeholders.
• Provides input to improve the quality and effectiveness of tests in a highly scaled and global environment.
• Articulates complex technical risks through creation of reports and delivering presentations to key stakeholders.
• Works with Security DevOps teams to test the orchestration and automation processes and platforms, feed results into a testing program.
• Supports the assessment risk and the development and/or recommends appropriate mitigation countermeasures based on empirical testing.
• Provides comprehensive technical expertise with web, application and database vulnerability testing.
• Supports the development of the security automation framework and the implementation roadmap.
• Provides actionable security recommendations and mitigation strategies to address identified vulnerabilities.
• Ensures that penetration testing activities align with relevant industry standards, compliance regulations, and best practices.
• Contributes to any security awareness training and education programs to promote a culture of cybersecurity within the organization.
• Stays up to date with the latest cybersecurity threats, attack vectors, and defensive technologies to continuously improve testing methodologies.

To thrive in this role, you need to have:

• Ability to work independently and manage multiple projects within remote environment.
• Demonstrates a strong ability to engage with various stakeholders, have a team-based approach and work towards share goals and outcomes.
• Ability to think outside the box and a passion to improve your skills and drive innovation.
• Ability to compromise systems and demonstrate ways to laterally move post compromise.
• In-depth knowledge of common security assessment methodologies, such as OWASP, PTES, or NIST SP
• Strong understanding of various operating systems, network protocols, and application security.
• Proficiency in using penetration testing tools and frameworks, such as Metasploit, Burp Suite, Nmap, and Wireshark.
• Knowledge of security assessment tools and technologies used to evaluate web applications, databases, and network infrastructure.
• Excellent analytical and problem-solving skills to identify and exploit vulnerabilities effectively.
• Strong written and verbal communication skills to deliver clear and concise reports and recommendations to stakeholders.
• Ethical and professional conduct with a commitment to confidentiality and data privacy.

Academic qualifications and certifications:

• Bachelor's degree or equivalent in Information Technology or Computer Science or related field.
• Security related certifications such as OSWE, OSEP, OSCP, OSCE, CRTP, GPEN, or CREST is desirable.

Required experience:

• Seasoned demonstrated penetration testing experience and ethical hacking gained within a similar global environment.
• Seasoned demonstrated experience with both commercial and open-source security tools and scripting languages.
• Seasoned demonstrated exposure to security testing scenarios e.g. Capture the Flag / Red Team / Blue Team is desirable.
• Seasoned demonstrated experience with various testing platforms e.g. Hack the Box / Vulnhub / PentesterLab is desirable.

Workplace type:

Hybrid Working

About NTT DATA

NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer

NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Third parties fraudulently posing as NTT DATA recruiters

NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an email address. If you suspect any fraudulent activity, please contact us.