Job description
About Nettitude
Nettitude is a LRQA Company. We’ve been around since 2003 and our focus has always been on excellence in cyber security. We have teams that offer world class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance, and plenty more. Our business is global and so are our clients. We work closely with central banks, central and local government, critical national infrastructure, large retailers, and plenty more besides!
We’re an award winning provider of cyber security services and we’re are at a very exciting stage of development. We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced. Nettitude will be at the forefront of this arena and we want to seek the right people to join the team and make it happen.
You can find out more about us at www.nettitude.com. If you want to review our research and tooling, then head on over to https://labs.nettitude.com
The role
We have a dedicated Penetration Testing team within our business and due to continued growth we have two opportunities for internships.
The role includes training and you will be included in our Accelerator Scheme course which will teach you about penetration testing methodology and client interaction. You will also be responsible for delivering Managed Vulnerability Scanning and PCI assessments using our ASV platform which will familiarise you with the types of vulnerabilities often encountered and how they are remediated.
During your internship you will start to become involved in live penetration tests with our clients where you will shadow our senior consultants and begin to perform your own engagements with support. This will give you an understanding of the full life-cycle of a penetration test and some real-life experience in being a pentester. You’ll also be helping out and supporting the team with other tasks that come in to help us function efficiently.
The move to remote working has come with some challenges and part of our model is building and sending laptops to our clients in order to provide remote testing capabilities. Part of your job role would consist of managing this process, ensuring that laptops are built and delivered to our clients by courier and collected again to support the testing.
This role will provide a wealth of experience in many areas and give you a true to life view of what it is like to be a penetration tester at Nettitude.
Location
This role is office based, however allows for operating from a remote perspective. The role is open to applicants across the UK. Applicants need the right to work in the UK.
What you’ll be doing
In your role you will:-
- Learn the technical and soft skills needed to perform penetration testing in a guided and group setting with the Accelerators.
- Perform Managed Vulnerability Scanning and PCI assessments.
- Manage the building and delivery of our remote laptops to our clients, ensuring that remote tests can be carried out effectively.
- After your training has completed, start to perform penetration tests from end to end, including kick off calls and debriefs.
- Support the penetration testing team and wider business with additional tasks when required.
- Presenting and discussing findings with clients.
- Joining in on our team meetings and clinic days, discussing and presenting interesting tools, techniques and vulnerabilities.
Key skills
- Demonstrably strong technical, social and presentation skills.
- Demonstrably strong written and speaking English skills.
- Demonstrably strong analytical/problem solving skills.
- Demonstrably strong time and task management skills.
- Ability to learn quickly and research unknown topics.
Desirable Knowledge & Experience
- Currently studying a Computer related degree and looking for placement year.
- An interest and passion for penetration testing.
- Technical knowledge of hacking and penetration testing techniques.
- Experience with capture the flag / hackathon type events.
What we offer
- The opportunity to learn from experience and skilled penetration testers.
- A comprehensive training course covering web application, external infrastructure and internal infrastructure.
- Regular clinic days where the whole team attends presentations by other team members or guest speakers. These can also include CTFs and digital detox days.
- Opportunities to become familiar with technology such as the cloud and IoT and how security relates to them.
- A chance to get real world and hands on experience at being a Penetration Tester at Nettitude.
Apply?
Are you interested in this job? Apply now via the ‘apply’ button and upload your C.V. and cover letter to
https://jobs.lrqa.com/job-invite/38359/
You will also need to complete our capture the flag exercise and send us a written file outlining how you managed to get capture the flag.
Once you have applied through the capture the flag, your application will be reviewed within a week and, if your application is successful, we will schedule an interview with you at the next available date.
The capture the flag exercise will require some out of the box thinking and problem solving skills in order to get to the flag. You will encounter a mixture of disciplines and may need to do some research, but we will be looking for not only for the flags you get but the challenges you had to overcome in your written analysis. More details on the rules and conditions for the capture the flag can be found on the link below, please ensure you have read and understood them. Good luck, and enjoy!
Please sign up for an account on our Nettitude Accelerator Programme Capture the Flag) site here:
https://nettitude.ctf.acceleratorscheme.com/register-front.php?SF_Integration_Code=35319
For all flags corresponding to VM based challenges, you need to submit a written file as well. This will be a text file containing a brief description of how you managed to get the flag. Non VM-based challenges do not require a written analysis.
You can submit a written analysis even if you didn’t get the flag; we appreciate the thought process, not only arriving to the destination and getting the flag. Whilst we encourage people to put their wits against all the challenges we have on offer, completion of all is not required to be considered for the programme. Two well written analyses would be enough to apply and be considered for the role.
Rules of engagement
All rules are specified on our CTF system; you must read and abide by the rules and engagement.
The labs.nettitude.com website and all associated infrastructure (e.g. CTF registration server, etc.) are strictly out of scope. The system clearly states what is in scope.
If you encounter any issues, please contact an admin at: [email protected]
We will be reviewing candidates’ submissions weekly and will contact those who are successful via e-mail to arrange a telephone interview.
Good luck!
#LI-Nettitude