Offensive Security Engineer

Discover a world of endless possibilities with Cambridge University Press & Assessment, a distinguished global academic publisher and assessment organisation proudly affiliated with the prestigious University of Cambridge.

We are looking for an Offensive Security Engineer (Internal Penetration Tester) to join our global Group Security department. You will be the Subject Matter Expert on Offensive Security matters (Red Teaming), your goal will be to perform systematic application security testing of Cambridge's platforms, supporting our developers and engineers to provide assurance to security. 

Why Cambridge?

At Cambridge, our unwavering commitment is to excel in education, learning, and research on a global scale. With a presence in over 170 countries, we empower millions of individuals, unlocking their potential and enabling their success. From dedicated teachers shaping young minds to visionary researchers pushing the boundaries of knowledge, we embody a relentless pursuit of enlightenment, curiosity, and understanding.

We embrace change as an opportunity for growth and progress, constantly adapting to meet the evolving needs of our customers. Collaboration and attentive listening are at the heart of our journey, as we work hand in hand with our customers and each other to innovate and discover more effective ways to achieve our goals. We believe people thrive in an environment where Trust and Empowerment are at the forefront, which is why all our new team members are provided regularisation on their first day so they can start #PursuingPotential from day one.

Joining Cambridge means becoming a part of an extraordinary institution renowned worldwide. Beyond that, you'll become a part of a vibrant and forward-thinking community that transcends tradition, fostering a culture of continuous growth and personal development. Here, we provide the perfect environment for you to thrive, supporting your professional journey and empowering you to reach your highest potential.

What can you get from Cambridge?

In this role, you'll have the opportunity to collaborate with colleagues from diverse branches, expanding your horizons and enriching your understanding of different cultures. We value your wellbeing and offer stability, fostering your professional and personal growth through internal and external activities and training sessions to help enrich your skillset.

Enjoy work-life balance flexibility through our range of options, including flexible schedules, hybrid work arrangements, and generous paid leave. As a regular employee on Day One, you'll have access to comprehensive healthcare benefits, ensuring your peace of mind with coverage for dependents, group life insurance, and robust well-being programs.

What makes you the ideal candidate in this role?

As a specialist internal penetration tester, you will play a crucial role as a member of the Security Engineering team. You will own and drive the Offensive Security testing processes that will help build upon a secure Cambridge. You will be accountable to Cambridge's global Group Security department, with a close relationship to other Security Engineering specialisms, and our Global Security Operations Centre. Your expertise, insights and security testing performance will ensure that effective security measures are embedded within Cambridge's applications, infrastructure, APIs and cloud services. It is essential that you have demonstrable skills and prior experience in a penetration testing role, exposure to infrastructure testing is desirable and knowledge of cloud security is preferred. This role is a senior specialist position as the technical lead for in-house penetration testing and associated Offensive Security matters at Cambridge.

Please note that this role's working hours will align with the UK time zone.

The following will help you be an ideal candidate for this post:

• 5+ years of experience within web application penetration testing roles, with exposure (1+ years) to infrastructure testing, API testing and cloud security practices.
• Demonstrable ability of testing security controls within applications.
• Knowledge of Windows and Linux infrastructure.
• Skilled in the use of security testing tools such as Burp Suite Pro, Kali Linux tools, and vulnerability management platforms such as Tenable.
• Certifications security testing such as OSCP, CREST CRT or CCT, eCPPT, eWPT, CEH, GPEN, or similar.
• Skilled with common scripting languages such as PowerShell, Python, or similar.

If you have the drive to develop a security-minded culture within Cambridge's developer community, and the desire to be part of a globally renowned institution that celebrates innovation, embraces inclusion, and empowers learners, we invite you to pursue your potential with us.