Senior Penetration Tester

At Tandem, we're not just a bank; we're a movement for positive change. If you're an ambitious and dedicated Senior Penetration Tester ready to make an impact, we've got a space with your name on it! The primary responsibility of the Senior Penetration Tester is to lead and execute comprehensive penetration testing activities across various digital platforms and environments. This role will encompass testing web applications, APIs, mobile applications, network infrastructure, and cloud platforms (AWS and Azure). Additionally, the role will involve contributing to the overall security strategy, particularly focusing on offensive and defensive security operations, threat intelligence and modelling. The successful candidate will play a critical role in improving Tandem Banks security posture, working collaboratively with Security Operations to identify, mitigate, and remediate vulnerabilities, and assist in refining security protocols and best practices., Conduct penetration tests on web applications, APIs, and mobile applications (Android & iOS). Perform infrastructure security assessments of network environments and cloud platforms (AWS & Azure). Review Firewall and Switch rules and ACLs Lead in Red Team exercises to assess defensive measures and identify security weaknesses. Execute social engineering campaigns, including complex phishing simulations and physical security tests. Collaborate with internal teams to define remediation strategies for identified vulnerabilities. Support forensic investigations and contribute to incident response activities. Stay updated on the latest security trends, vulnerabilities, and penetration testing methodologies. Contribute to the development of security processes, procedures, and best practices to strengthen the security posture of Tandem Bank. Prepare detailed reports for both technical teams and executive stakeholders, articulating vulnerabilities, and recommended remediation., We are Tandem - Where impact meets innovation. Tandem is the UK's greener digital bank on a bold quest to revolutionise the way we save, borrow, spend, and share all while nurturing our planet, our people and our customers. As one of Europes fastest growing digital banks, our values of being Brave, Enterprising, Simple, and Together (BEST) ensure our 500-strong team collaborate to drive a brighter, greener future. Tandem also leads the way with a secondary app called Loop. Loop gives customers a simpler, hassle free and awkward free way to share money among friends. The Team The role will report to the Head of Information Security, and you will be joining a team of committed security resources focused on Information Security, Cloud Security, Governance, Risk, and Compliance. Through ongoing assessment and review working collaboratively with our Service Delivery, Infrastructure, Platforms and Engineering teams work to manage and continually improve security posture. Your Impact: Building a greener tomorrow As an Information Security Operations Senior Analyst at Tandem your focus will be on: Design Cyber Security Solutions that align with existing IT infrastructure, industry best practices, and cutting-edge technologies. Install, configure, and support Cyber Security systems that enforce corporate Information Security policies. Collaborate with Technical Leads to seamlessly integrate Cyber Security systems into current IT and network infrastructure. Define Information Security Requirements for IT projects and infrastructure. Proactively identify and remediate security gaps. Maintain the security level of networks (Cloud and On-Premises), IT systems, and software applications. Document Cyber Security solutions with both high-level and detailed designs. Keep abreast of industry trends and emerging technologies in Cyber Security. Actively participate in the definition and assessment of Information Security Controls Actively participate in the drafting and development of Issues and Actions detailing Control Gaps and remediation plans. Actively track progress, updating issues and actions as required. Assist in the development of monthly reporting packs and Information Security Position Papers Assist in the co-ordination and assessment, documentation, and deployment of IDAM, DLP, tooling. Assist in the co-ordination and assessment of our SDLC requirements. Ensure the regular delivery of control uplift projects in accordance with Agile methodologies. Work with Stakeholders to define roadmaps and prioritize work for any control gap identified. Manage the end-to-end delivery of uplift activities. Creating a delivery focused and high performing environment, through leading by example and a commitment to continuous improvement.

Extensive experience in penetration testing across: Web Application & API Testing Mobile Application Security Testing (Android & iOS) Network Infrastructure Testing Cloud Security Testing (AWS & Azure) Proven track record in leading Red Team engagements. Strong knowledge of social engineering tactics and experience in executing complex phishing and physical assessments. Experience with Digital Forensics and Threat Intelligence integration. Ability to collaborate effectively with cross-functional teams and stakeholders. Strong understanding of attack vectors, threat landscapes, and security best practices. Desirable Certifications: OSCP (Offensive Security Certified Professional) OSCE (Offensive Security Certified Expert) CREST CRT (Certified Registered Tester) Desired Qualities: Strong analytical and problem-solving skills. Excellent verbal and written communication abilities, particularly in conveying complex technical findings to non-technical stakeholders. A passion for cybersecurity and continuous learning.

Rewards that reflect your value, whats in it for you? At Tandem, your hard work is rewarded in many ways and we have an enhanced employee benefits package on offer from your very first day with us: 25 days annual leave plus 8 days Bank Holiday An additional day off for a celebration day including, but not limited to, birthdays, weddings, religious holidays, graduations etc Buy or sell up to 5 days holiday a year Healthcare cash plan through Westfield Health worth a minimum of 750 per year Electric Vehicle salary sacrifice scheme Cycle to Work salary sacrifice scheme and a free helmet Salary sacrifice Pension contribution

• , 4% employee contributions matched with 4% Tandem contribution (Subject to salary eligibility)
Smart Tech scheme (buy goods with 0% interest) 10% discount on solar panels Tandem Hub for treats, cash back and discounts on UK retailers 2 days per year paid volunteering Free cereal, snacks and drinks in all offices Quarterly team social budgets Our Green Deal: Your Impact Amplified A little welcome gift from us to you, well plant a tree in the Tandem Grove and you can enter into our Green Deal below: Volunteer 2 days a year for charity > receive an early Friday finish Raise 200 per annum for charity > Tandem provide PR and marketing support Have renewable energy at home > receive an additional 1 day annual leave Drive an electric car > receive 500 towards a home charger Ready to make your mark? Apply now and let's pave the way to a greener world, together. Our approach to DE&I is reflected in our hiring process so please let us know if you require any reasonable adjustments. Sourcing Model Recruitment at Tandem works primarily on a direct sourcing model and does not accept resumes from recruitment agencies which are not on the preferred supplier list. We are not responsible for any related fees for resumes submitted to job postings, our employees, or any other part of our company. You can find our Applicant Privacy Policy on our Careers page. Tandem is an equal opportunity employer and are committed to meeting our responsibilities under the Equality Act (2010). We respect the diverse experience and talents that every individual brings to our Company, and we are determined to ensure that no applicant or employee receives less favourable treatment on the grounds of gender, age, disability, religion, belief, sexual orientation, marital status, or race, or is disadvantaged by conditions or requirements which cannot be shown to be justifiable. Please be aware that background checking (including credit and criminal records checks) form part of our recruitment process. We will adhere to our duties under the Rehabilitation of Offenders Act 1974. Cardiff, United Kingdom