Job title: Ethical Hacker - Pentester
Experience required: 6 year(s)
Headquartered in London, the FinTech capital of the world, Form3 are building the most exciting banking technology company on the planet. Our mission is simple: transform payments technology to enable the global financial community to move money in real-time.
Form3 was born from the idea that moving money in real-time will be the new normal and cloud-native payments services the way forward. By combining the latest cloud-native technologies with our in-depth payments experience we find innovative solutions to problems that others would deem unsolvable. We favour open-source, prioritise best-practice and live and breathe DevOps. We advocate a positive work-life balance and offer a super flexible, remote-friendly working environment.
Our Security team is growing, and you will be reporting directly into the Head of Information Security. We use Terraform for Infrastructure-As-A-Code and have fully automated CI/CD and platform monitoring. As a Senior Security Engineer/Ethical Hacker at Form3 you’ll work closely with the Security and Platform Teams to protect our networks and perform penetration testing to keep our cloud-native platform and digital assets safe. We will cross-train in different security disciplines within the team or areas where needed!
At a high level, these are the key things that our Cloud Security Engineer/Ethical Hacker will be responsible for;
Performing response analytics, determining root-cause and mitigation of cyber security events
Operating, maintaining, auditing and improving Vulnerability Management, SIEM and Threat Intelligence systems
Security configuration, hardening and risks, i.e. Linux/Unix, Mac OS, Containers, Office 365, etc.
Creating scripts to test for vulnerabilities including penetration testing and risk assessment
Implementing technical controls and automation to meet compliance of information security frameworks
Developing low-level tools for vulnerabilities to improve security testing and monitoring
Performing risk assessment across the entire network
Keep up to date on the latest security threats and vulnerabilities
Continuous process improvement across the board
We’re looking to speak with Cloud Security Engineers/Ethical Hackers that have experience in;
Public cloud security (we primarily run on AWS)
Security of docker and container orchestration (Kubernetes etc.)
Have appropriate certifications (e.g. LPT, OSCE, CEPT, GXPN)
DevSecOps tools and processes, including automatic code analysis
Application security best practices (OWASP top 10/SANS top 25)
IS027001, ISAE3000/SOC2, SOC1, NIST, GPDR and PCI DSS
Security operations, security incident response, forensic security investigations, management and remediation of identified and day zero vulnerabilities, alerts, threats and breaches
Networking, Application and ‘Next Generation’ Firewalls, IDS/IPS, Proxies, security monitoring, FIM, WAF, DDOS, DLP, malware, antivirus and endpoint protection
Vulnerability Management, SIEM and Threat Intelligence systems
Various technologies and operating systems and their related security configuration, hardening and risks i.e. Linux/Unix, Mac OS, Containers, Office 365, etc.
Cryptographic controls, secure communications, PKI, hash and encryption technologies, ciphers, including IPsec VPN, TLS and certificates
Programming and scripting
30 days annual leave (plus Bank Holidays)
Pension, cycle-to-work scheme and regular socials
Continuous investment in your career and the latest technologies