Cyber Security Specialist - Penetration Testing

Your Responsibilities:
Global Applications & Development (GA&D) Tech is responsible for development, deployment, business partnering and support of all global business applications including ERP, Workday and myLearning. The ERP programme is driving the transformation of GSK's standard financial, commercial and manufacturing processes to a common SAP software platform, for around 80% of the organisation. We are responsible for delivering GSK's ERP strategy, focused on improving service, transforming the delivery model and simplifying processes.
Global Applications & Development Tech Team
Integrated cross-functional support and delivery organisation. We are a 1,500-strong global organisation, working with many vendor partners, with main operations in the UK, Malaysia & India.
At the beginning of 2010, the GSK Executive team approved a major ERP implementation programme that will upgrade, standardise and extend the current landscape for its Commercial, Financial and Manufacturing users. GSK's ERP strategy is acknowledged to be one of the most ambitious, globally.
This role sits within the Global Security & Controls team.

As a Global Application Cyber Security Specialist in Global Applications & Development, you will be managing the following:
• Penetration testing of infrastructure components.
• Penetration testing of web applications.
• Penetration testing of Cloud based applications.
• Penetration testing of core global systems and applications (such as SAP, Workday, etc.)

• Penetration testing will need to cover following key areas:
o Client/GUI
o Authentication and Authorization
o Database security
o ABAP code security
o Operating system security

• Penetration testing will need to be tailored around specific scenarios including but not limited to the following methodologies.
o Manual Infrastructure Assessment
o SAP Configuration Assessment
o Database Review
o Code Review
o Server Build Review
o VPN Assessment
o Firewall Ruleset Review
o Cloud Based Assessment/Configuration
o Mobile Application Assessment
o Web Application Assessment

• Configuration and Operation of existing Security Tools
• Remediation and / or mitigation of detected vulnerabilities
• Compile regular reporting on Application Security Monitoring key performance indicators.
• Security notes assessment and implementation upon the monthly release.

Please Apply ASAP as interviews are in process

Please take a copy of the Job Description, as this will not be available post closure of the advert.

When applying for this role, please use the 'cover letter' of the online application or your CV to describe how you meet the competencies for this role, as outlined in the job requirements above. The information that you have provided in your cover letter and CV will be used to assess your application.

During the course of your application you will be requested to complete voluntary information which will be used in monitoring the effectiveness of our equality and diversity policies. Your information will be treated as confidential and will not be used in any part of the selection process. If you require a reasonable adjustment to the application / selection process to enable you to demonstrate your ability to perform the job requirements please contact 0808 234 4391. This will help us to understand any modifications we may need to make to support you throughout our selection process.


Why You?

Basic qualifications:
• Extensive experience in cyber security (with a focus on networking, operating systems, databases, vulnerability assessments, attack & penetration testing).
• Proven experience in conducting penetration testing in large SAP environments.
• Advanced knowledge of information security governance frameworks (NIST CSF, COBIT, ISO27001, etc.).
• Basic knowledge of GDPR and SOX.
• Preferably knowledge of Agile project methodology

Preferred qualifications:
• Previous Consulting or Big 4 experience preferred
• Certified Information System Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• NIST Cybersecurity Framework (NCSF)
• Licensed Penetration Tester (LPT)
• CEH: Certified Ethical Hacker

Why GSK?:
GlaxoSmithKline is a science-led global healthcare company that researches and develops a broad range of innovative medicines and brands. We discover, make and market life-enhancing products that are used by millions of people around the world, helping them to do more, feel better and live longer. We have 3 primary areas of business in pharmaceuticals, vaccines and consumer healthcare. We have offices in more than 115 countries, major research centers in the UK, USA, Spain, Belgium and China and an extensive manufacturing network with 87 sites globally. Our three strategic priorities are to grow a diversified global business, deliver products of value, and to simplify our operating model.

Contact information:
You may apply for this position online by selecting the Apply now button.
Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Back to top