Clifford Chance

Senior Pen Tester

Posted 3 Days Ago
In-Office
London, Greater London, England
Senior level
Conduct security assessments, red team exercises, and vulnerability testing on IT infrastructure, cloud applications, and IoT devices while collaborating with cross-functional teams to enhance security policy and compliance.
The summary above was generated by AI
Company Description

Who we are

 

We are one of the largest international law firms in the world. With over 30 offices across the globe, we strive to exceed the expectations of our clients, providing them with the highest-quality advice and legal insight, which combines the firm’s global standards with in-depth local expertise.

Our firm, work and people span jurisdictions, cultures, and languages. We offer our clients a truly international perspective. We believe every career should be rewarding and stimulating - full of opportunities to learn, thrive, and grow. That’s why we’re so proud of our inclusive, friendly, and team-based approach to work.

You’ll find our clients in commercial and industrial sectors, the financial investor community, governments, regulators, trade bodies, and not-for-profit organisations. But no matter who they are or why they’ve reached out to us, we provide a world-class service every step of the way. And that’s possible thanks to the entrepreneurial spirit and conscientious approach to work that you’ll find across all of our teams.

Whichever area of the business you join, you’ll become an integral part of an innovative, diverse and ambitious team of people. Clifford Chance is a place where the brightest minds and the best of colleagues meet.

Job Description

The role

 

This role reports to the Head of Information Security and requires a fast-learning and self-motivated individual to add capability and capacity to our small but highly effective team.

Information Security is evolving in response to dynamic business needs, a rapidly changing threat environment, and the firm's own ambitious IT Strategy. This role will play a key part in implementing and improving the underlying processes required to provide a structured, systematic, and audited approach to Information Security across the firm. The role will have clear areas of focus combined with periodic involvement in a broad spectrum of information security activities. This is a pivotal role within the Information Security Team.

 

The key tasks and responsibilities include, but are not limited to, the following:

  • Conduct thorough Red Team offensive penetration testing on our IT (on-prem and cloud) infrastructure to identify vulnerabilities and provide recommendations for remediation.
  • Perform security assessments on cloud-based applications, ensuring they adhere to industry standards and best practices.
  • Execute red team exercises to simulate real-world attack scenarios, testing the firm's detection and response capabilities, both internal and external.
  • Assess and test the security of internally deployed infrastructure IoT devices and sensors, identifying potential vulnerabilities and ensuring they are secure.
  • Assess and test our SmartBuilding digital landscape and data lake.
  • Assess and test identified web-based APIs and applications for vulnerabilities and recommend, where required, actions to resolve the vulnerabilities.
  • Provide guidance to internal teams on API security testing and secure practices, as well as carrying out API security assessments.
  • Work with wider stakeholders on developing testing models for Generative AI security.
  • Work with wider teams to assess the security testing landscape and make sure we reduce vulnerabilities to minimise security incidents where appropriate and practical.
  • Collaborate with cross-functional teams to implement security measures and enhance the firm's overall security posture.
  • Prepare detailed reports and presentations on findings, offering actionable insights to both technical and non-technical stakeholders.
  • Stay informed about the latest security trends, threats, and technologies to proactively address potential risks.
  • Assist in developing and maintaining security policies, procedures, and guidelines.
  • Serve as the key point of contact for all matters related to security testing engagement.
  • Collaborate with stakeholders to continually enhance efficiencies and maintain compliance with client and external audit requirements.
  • Utilise data and stakeholder feedback to drive continuous improvements in security testing.
  • Support the security team by focusing on key knowledge and behaviours, empowering colleagues to become informed security contacts within their teams and helping peers resolve security issues.
  • Research and analyse existing security policies, standards, and resources to identify areas where additional training or guidance is needed.
  • Participate in the evaluation, selection, and implementation of security testing technologies.
  • Stay informed about emerging threats and trends, integrating this knowledge into the security testing processes.
  • Support the firm’s certification activities, such as ISO27001, SOC2, and Cyber Essentials Plus, by assisting with audits, documentation, and continuous improvement efforts.
  • Engage with security industry groups and collaborate with external industry partners to stay aligned with best practices and industry standards.

Qualifications

Your experience

 

The ideal candidate should possess comprehensive experience and knowledge in security testing and red teaming, with the ability to effectively communicate these concepts within the firm.

The candidate should have a background in information security and be capable of conducting a wide range of security testing and red teaming activities, as well as providing advice and guidance to the business. This role will also involve coordinating external security requirements, identifying areas for continuous improvement in security services, and ensuring the effective execution of security testing and red team exercises. The candidate will address the evolving security needs of the business and should have a strong background in delivering actionable results.

The candidate must be able to quickly assimilate information to assess and document risks, engage with individuals at various levels of seniority, and balance the need to gather information. They should consistently demonstrate how Information Security aligns with the firm's business objectives and our clients' need for information assurance. An organised approach to managing and prioritising multiple concurrent assignments is essential.

A degree-level education is likely but not essential, as CREST/CHECK/OSCP/OSWE/OSWA status and various qualifications or full membership status with the IISP would be highly advantageous. This role may in the future expand to require security clearance.

This role may expose the candidate to our external clients, so it is important that the candidate be able to maintain good working relations and strive to build bridges even in challenging circumstances.

Experience in developing and using structured documentation (process, format, logical content, version control, etc.) is also important.

Additional Information

Hybrid Working

 

This role follows our 'balanced' hybrid working approach and as long as business needs allow, you will be supported to work in a hybrid way with the expectation of working from the office for a minimum of 50% of your time.
 

What we offer including our broad range of benefits and working environment

 

When you join Clifford Chance, you will have access to a broad range of benefits to support you across many aspects of your personal and professional life including financial, wellbeing, lifestyle, and family friendly benefits. For more information on what we offer specifically in the UK, please visit our What We Offer page on our career site. 
 

Equal Opportunities

 

At Clifford Chance, we understand that our true asset is our people. Inclusion is good for our team and their families, our firm and society. 

We are committed to treating all employees and applicants fairly and equally regardless of their gender, gender identity and expression, marital or civil partnership status, race, colour, national or ethnic origin, social or economic background, disability, religious belief, sexual orientation, or age.  This applies to recruitment and selection, terms and conditions of employment including pay, promotion, training, transfer and every other aspect of employment.

We have a variety of flourishing employee networks. These networks are a place for colleagues to share experiences and advocate for change wherever they see an opportunity for improvement.

Our goal is to deliver an equality of opportunity, an equality of aspiration and an equality of experience to everyone who works in our firm.

Find out more about our inclusive culture here

Top Skills

API Security
Cloud Security
Cyber Essentials Plus
Information Security
IoT Security
ISO27001
Penetration Testing
Red Teaming
SOC2

Clifford Chance London, England Office

10 Upper Bank Street, London, United Kingdom, E14 5JJ
