Middle East Venture Partners
Leverage our network to build your career


Penetration Tester

Fresha

Quality Assurance
London, UK
Posted on Thursday, January 18, 2024
About Fresha
Fresha is the only subscription-free appointment booking software for beauty and wellness businesses.
Fresha is available in 120+ countries and is used by 100,000+ businesses and 450,000+ professionals worldwide. Over 800 million appointments have been booked through Fresha to date. Salon, barbershop and beauty professionals can use the platform to manage their entire operations with intuitive software and financial technology solutions. Fresha has zero monthly fees with optional paid features, including card payment processing.
The Fresha ecosystem gives beauty and wellness professionals everything they need to run their businesses seamlessly by facilitating appointment bookings, point-of-sale, customer records management, marketing automation, loyalty, product inventory, and team management, all in one place.
Fresha also allows consumers to discover, book and pay for beauty and wellness appointments with local businesses via its marketplace.
Fresha is headquartered in London, United Kingdom, with global offices in New York City, Vancouver, Sydney, Dubai, Dublin, Amsterdam, and Warsaw. The company has raised $185M in venture capital funding to date from leading institutional investors.
Role overview
Given our exciting and progressive growth plans, we are looking for an exceptional Penetration Tester to come join our global business.
You will report directly to the Head of Security and work with internal and external stakeholders. Your primary responsibility is the automation of security tests, enabling the product teams to continue to deliver features at light speed.
The perfect candidate will have solid experience in manual pen testing, but with a mindset focused on automation, bringing best-of-breed open source and commercial tooling to catch SQLi, XSS, CSRF, and other vulnerabilities. Home-grown development may also be needed to ensure new code is safe from past vulnerabilities. Expertise in SAST, DAST, OSS vulnerability scanners, Kali, sqlmap, and fuzzing, along with scripting languages and CI tools such as CircleCI or Jenkins, is what we are after. Knowledge of Elixir and Python is very desirable too.
This is a great opportunity for someone looking to work in a fast-paced and changing environment, who likes to work autonomously, enjoys a challenge and wants to make an impact.

What you will be doing

  • Performing manual pen testing on a quarterly basis
  • Categorisation and prioritisation of findings
  • Development of attack proof-of-concept
  • Development and maintenance of tools to automate vulnerability discovery
  • Development of internal phishing attack exercises
  • Management of future bug bounty programs
  • Participation in raising security awareness across the company
  • Participation in the development of plans and policies
  • Participation in Incident Response events, both simulated and real
  • Participation in internal and external audits for current and future certifications (such as ISO27001 and SOC 2)
  • This list is not exhaustive and there may be other activities you are required to deliver.

To foster a collaborative environment that thrives on face-to-face interactions and teamwork, all Fresha employees work from the office four days per week, with the flexibility to work remotely one day each week.

What we are looking for

  • Over 3 years of experience doing penetration testing
  • Expert in using penetration testing tools such as Burp, OWASP ZAP, and other OSS tools such as Nuclei
  • Expert in penetration testing of web applications, native mobile apps, and cloud infrastructure (AWS)
  • Experienced in threat modelling
  • Interested in the latest technologies around Generative AI
  • Creative thinking and problem-solving mindset
  • Ability to interact with people from across the business and build strong relationships, including the ability to effectively influence upwards
  • Happy to roll sleeves up and assist the team when required (team player)
  • Self-starter and proactive approach
  • Comfortable working in a fast-paced and changing environment

Interview Process

  • Screen Call - Video-call with a member from the Talent Team (45-60m)
  • 1st Stage - Video/In-person interview with Hiring Manager (60m)
  • Final Stage - Video/In-person interview with Hiring Team (up to 2.5h)
  • We aim to finalise the entire interview process and deliver feedback within 4 weeks.

Every job application received is reviewed manually by our talent team. While we strive to assess applications within 7 days, the sheer volume of talented individuals expressing interest may occasionally extend this timeframe.
Inclusive workforce
At Fresha, we are creating a culture where individuals of all backgrounds feel comfortable.
We want all Fresha people to feel included and truly empowered to contribute fully to our vision and goals. Everyone who applies will receive fair consideration for employment.
We do not discriminate based on race, colour, religion, sex, sexual orientation, age, marital status, gender identity, national origin, disability, or any other applicable legally protected characteristics in the location in which the candidate is applying.
If you have any accessibility requirements that would make you more comfortable during the interview process and/or once you join, please let us know so that we can support you.