Security Pen Tester

Come join us, and shape the future of the insurance industry!

ReMark is a global insurance consultancy helping insurers worldwide grow sustainably. Part of the SCOR Group, we specialise in data intelligence, marketing and technology solutions. Since 1984, we’ve reached over 1 billion people, ran over 12,000 campaigns and underwrite over 1 million policies each year. We’re a team of over 250 employees from 33 nationalities and 17 offices worldwide. Our clients include over 500 insurers, and we’re also partnering outside the industry with Garmin, local government, universities and more. Our vision is to transform the insurance industry, and we also believe in making products that have a sustainable impact on people's health and wellness.

The role

• Would you like to partner with our tech and software development teams?
• Do you have a passion for conducting vulnerability assessments?
• Do you love Penetration Testing web Applications / Networks / Cloud / API/ Mobile apps?
• Are you motivated to help develop secure and compliant digital products for our customers?
• Do you like a culture of being in learning, sharing, and collaborating?

As a Security Pen Tester, you will be integral to defining, shaping and playing an essential role in securing and protecting ReMark’s cloud platform, solutions, products & data. In a highly collaborative environment, you will be working with a global team to secure our software products, code, network, cloud, and endpoints.

Reporting to the Director IT/Solutions Security, the Security Pen Tester is a technical role and is responsible for the following:

Key responsibilities

• Conduct periodic Penetration Testing exercises on Web Applications / Networks / Cloud / API/ Mobile apps.
• Ensure that there is automated and manual vulnerability scans conducted, and triaged, and help in fixing the vulnerabilities on risk-based approach.
• Evaluate the security of web applications, including identifying and testing for OWASP Top 10 list of vulnerabilities.
• Utilise a variety of security tools and methodologies, including automated scanning tools, manual testing techniques, and custom scripts to identify vulnerabilities adopting frameworks such as MITRE, NIST.
• Participate in Red teaming exercise to simulate attack situations on infrastructure, and applications and provide appropriate responses, and alerts as well as acting upon issues identified.
• Actively participate in client interactions to provide assurance and confidence on the process, technology, and outcomes for vulnerability scanning, and penetration testing.
• Support additional security measures such as patching requirements, hardening, code scanning, and encryption.

Technical/Essential competencies

• Effective communication and reporting skills.

Personal competencies/Nice to have

• Any relevant industry certification is an advantage.
• Knowledge of computer systems, networks, and cybersecurity principles such as Google Cloud, Kubernetes cluster,
  PostgreSQL, Ruby-on-Rails, Java or .Net framework is a plus.

Required education/Work experience

• Bachelor’s degree in a related field (e.g. Computer Science, Information Security) or equivalent experience.
  
• 2 to 3 years of experience in vulnerability scanning, penetration testing, or Bounty Hunter.
  
  

A Security Penetration Tester plays a crucial role in helping organisations protect their digital assets and sensitive data from cyber threats. Their work helps organisations identify and remediate security vulnerabilities, ultimately strengthening their overall cybersecurity posture.

What we offer

• Competitive Salary.
• Private Health Insurance and Company pension plan.
• Flexible remote-work policy.
• Training & professional development opportunities.
• Membership to security forum.
• Sustainable & single-use plastic-free office environment.
• Working in a global, entrepreneurial ‘start-up’ environment within the established SCOR Group.

The company working language is English. All ReMark employees should speak, read and write English to a sufficient level in order to communicate and operate effectively in the organization.