Senior Penetration Tester

  • 025220
  • Home Based, United Kingdom
  • Permanent - Full Time
  • Closing on: May 10 2024
  • First Rail

Who are we?

FirstGroup PLC is the largest rail operator in the UK and second largest bus operator in the UK outside London.  FirstGroup operates services throughout the UK and Ireland, with over 30,000 employees providing services that make travel smoother and life easier.  FirstGroup works hard to reduce its impact on the environment, introducing cleaner and more environmentally responsible methods of transport. 

About the team

The Group Cyber Security Operations and IS Compliance Team is responsible for protecting First businesses' digital assets, systems and data from cyber threats, and for ensuring compliance with the relevant regulations and standards.

We foster a collaborative environment where creativity and expertise thrive, allowing us to deliver exceptional solutions to our customers. 

About the job

We have an opportunity open for a highly skilled Senior Penetration Tester (CREST Registered) to join our cybersecurity team. The role is responsible for conducting comprehensive security assessments, identifying vulnerabilities, and providing recommendations to enhance the security posture of our businesses.

Our roles are only available if you hold or fulfil the criteria to obtain a UK Security Clearance and are a CREST Registered Tester holding one or more CREST Certified Tester (CTT) certifications.

Your main responsibilities will be:

The primary responsibility of this role is to develop and implement pen testing strategies and measures to maintain and enhance the cybersecurity of our business systems, infrastructure, and people.

  • Develop and implement a comprehensive pen testing strategy for Group business and schedule of pen testing activities.
  • Conduct Pen Tests, output risk assessments and vulnerability assessments to identify potential weaknesses.
  • Collaborate with internal teams to develop and implement appropriate controls and measures to mitigate identified risks and vulnerabilities.
  • Collaborate with businesses to understand their security objectives and provide expert guidance on improving their overall security posture.
  • Provide technical leadership and mentorship to others within the field of pen testing and vulnerabilities.
  • Assist in the development and enhancement of internal tools, processes, and methodologies to streamline and improve the penetration testing process.

You'll need to be:

  • Passionate about cybersecurity and dedicated to staying ahead of evolving threats, staying up to date with the latest cyber threats, attack techniques, and security technologies to proactively identify potential risks and recommend appropriate countermeasures.
  • Proficient in conducting penetration tests and vulnerability assessments, with a strong understanding of common security vulnerabilities and attack vectors, as well as the ability to exploit and mitigate them.
  • Have strong knowledge of security technologies, intrusion detection/prevention systems, firewalls, antivirus, and vulnerability management tools.
  • Possess in-depth knowledge of network protocols, operating systems, and web technologies.
  • Demonstrated ability to work independently and manage multiple projects simultaneously.
  • Excellent problem-solving and analytical skills, with the ability to think critically and make sound decisions under pressure.
  • Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and communicate complex security concepts to non-technical stakeholders.

As a minimum, you will need to have:

  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Must be a CREST Registered Tester (CRT) and hold one or more CREST Certified Tester (CTT) certifications; this is a conditional requirement of the role. Other desirable certifications include Offensive Security Certified Professional (OSCP) and Certified Ethical Hacker (CEH).
  • Proven experience as a Penetration Tester, with a strong track record of conducting successful penetration tests on a variety of systems and end-to-end solutions, applications (SaaS and on-premises), APIs, and infrastructure, both on-premises and cloud.
  • Familiarity with security frameworks and standards such as NIS CAF, NIST Cybersecurity Framework, ISO 27001, and CIS Controls.
  • Security Check (SC) vetting clearance is a conditional requirement of the role. Desirable if SC is already held.

About the location

Hybrid role. Our office is conveniently located in a vibrant and accessible urban setting, offering a blend of work-life balance and professional opportunities in the heart of the UK transport network.
 

Working pattern

This is a full-time position with flexibility in working hours to accommodate project requirements and team collaboration.
 

Additional Information

We are committed to fostering a diverse and inclusive workplace where every individual's unique talents and perspectives are valued. We offer ongoing training and development opportunities to support your professional growth and career advancement.
 

The Reward

In return for your expertise and dedication, we offer a competitive salary package, comprehensive benefits, and a rewarding work environment where your contributions make a meaningful impact on the safety and security of our transportation services.

Join us on this exciting journey to safeguard the future of transport security and be part of a team that is shaping the future of public transportation in the UK. Apply now and elevate your career to new heights with us!

 

FirstGroup's vision is to provide an inclusive environment for all colleagues, across its group of businesses, ensuring all candidates have an equal opportunity to access meaningful employment.

We value our differences such as age, gender, LGBTQIA+, ethnicity, religion, and disability. We maintain a zero tolerance towards any form of prejudice towards our colleagues, customers, and future talent.

We celebrate and encourage diversity of thought, progressive ways of working and seeing all our colleagues grow and thrive.

We review all roles and job descriptions to ensure they are accessible and, where possible, we support and provide flexible working options; we recommend that you refer to each vacancy description for further details.

If you require additional support to complete your application due to a disability or neurodivergent condition, for example, dyslexia, dyspraxia, or autism, please follow the links below.  We encourage you to share any additional needs you may require so we can provide a fair and equal process for all who apply.

https://exceptionalindividuals.com/neurodiversity/

https://www.healthassured.org/blog/neurodiversity/
