Senior Penetration Tester (Hybrid setup)

Join a team of cybersecurity professionals and help Swiss Re to fulfil its mission in making the world more resilient. As the Senior Penetration Tester, you'll own the improvement of our penetration testing services and develop strategies, assess web app and infrastructure penetration reports, and manage relationships with external security testing firms. What's more, you'll be working in a hybrid setup, perfectly balancing work from home and the office premises. 

About the team 

The Security Team is the focal point for all security activities across Swiss Re. We are responsible for engineering and operations, corporate security, governance, operational resilience, risk and compliance. We define and advance the company's security strategy.  

As a part of the Security Team, the the Penetration Testing sub-team (running under Continuous Service Assurance) ensures a recurring testing of critical applications, providing the internal teams with pentest scheduling and remediation. We're looking for an experienced penetration tester who will use their analytical and technical skills to help us in making our IT environment more resilient. 

About the role

• Continuously improve existing processes and develop long-term strategy for the penetration testing service 

• Efficiently own, perform, and deliver security assessment of web applications and infrastructure penetration reports, and coordinate the remediation of all findings and recommendations 

• Compile lessons learned sessions and education material for IT developers and other relevant partners 

• Manage relations with internal partners and external security companies providing penetration tests 

• Cooperate closely with global teams from IT application owners, information security specialists, and chief information security officers 

• Be someone who believes in continuous innovation, is curious and relentless in finding a better way every day   

About you

Nobody is perfect and meets 100% of our requirements. If you, however, meet some of the criteria below and are curious about the world of penetration testing in a renowned international firm, we'll be more than happy to meet you! 

• At least 5 years of experience in information security and penetration testing 

• Expert knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities, testing procedures, and remediation recommendations 

• Experience in Vulnerability Assessments, Penetration Tests of Web, Network, Mobile (Android, iOS and Windows), Cloud and API Security assessments 

• A Bachlor's or Master's degree in Computer Science, Information Security, or related academic field OR significant work experience in the field. 

• You own industry relevant certifications (OCSP, CISSP INE, CEH, etc.) and have a sound understanding of security frameworks (ISO27001/2, NIST, OWASP Top 10) 

• Ability to communicate complex technical concepts clearly and unambiguously to both business and technical audiences 

• Experience in continuous service and process improvement and automation 

• Great communication and writing skills; advanced proficiency in English is required, other languages are a plus 

• You are an excellent teammate, have the ability to lead and mentor junior colleagues and like international relationships 

• You are curious, like to drive things forward, raise your voice for improvement and possess a great interest in learning new things