Job Summary
The Senior Penetration Tester is responsible for planning and executing security assessments across applications, APIs, infrastructure, and supporting platforms to identify, validate, and clearly communicate security risk. This role defines testing scope and approach with stakeholders, performs manual and tool-assisted testing using industry-standard methodologies, develops proof-of-concept demonstrations where appropriate, and documents findings with actionable remediation guidance tailored to technical and non-technical audiences. The Senior Penetration Tester ensures assessment quality through rigorous evidence collection, false-positive elimination, and retesting of fixes, while maintaining safe testing practices and adherence to rules of engagement. The role also contributes to continuous improvement by mentoring team members, enhancing internal playbooks and tooling, and partnering with engineering and operations teams to improve security posture through practical, risk-based recommendations.
Key Responsibilities
- Aligns penetration testing priorities with the business model, critical assets, and risk appetite. Helps define risk-based testing scope and standards, and uses assessment trends to inform security roadmap decisions, improvement initiatives, and stakeholder priorities.
- Delivers penetration testing outcomes that support business objectives by reducing risk in priority products and services and improving remediation efficiency. Maintains awareness of the broader business and regulatory context, customer expectations, and market threat landscape to focus testing on what matters most. Supports planning and delivery by providing clear effort estimates, timely reporting, and actionable recommendations that help teams meet release timelines and compliance commitments.
- Executes and maintains the end-to-end penetration testing process in line with the Group’s Operational Risk Framework - typically operating as a second line assurance function (or supporting first line testing where embedded). Owns the assessment lifecycle: intake and scoping, rules of engagement and approvals, testing execution, evidence handling, reporting and risk rating, quality review, remediation validation/re-testing, and integration of results into vulnerability/risk tracking and governance metrics.
- Leads by example to promote a strong security culture, professional standards, and safe testing practices. Mentors and coaches team members, supports onboarding, and contributes to ongoing skills development through knowledge sharing, playbooks, and peer reviews. Helps ensure adequate supervision and quality control for critical testing activities, and provides input to team capacity planning, role expectations, and performance feedback to support retention and continuous improvement.
- Supports effective oversight by applying approved security testing frameworks, processes, and policies, and by ensuring assessments are properly scoped, authorized, documented, and quality reviewed. Contributes to governance reporting by providing clear risk summaries, key metrics, and recurring-issue trends to relevant forums and stakeholders. Maintains awareness of applicable regulatory and internal control requirements and ensures testing and reporting outputs meet expected standards, including evidence handling and auditability.
- Identifies, assesses, and communicates security risks through penetration testing by validating vulnerabilities, quantifying impact, and mapping findings to business-critical assets and threat scenarios. Ensures risks are appropriately recorded, prioritized, and tracked to remediation, including re-testing and evidence-based closure. Maintains awareness of the Group’s key risk drivers and control environment, escalates material issues promptly, and uses trends and metrics from assessments to recommend practical controls and risk-reduction measures.
Skills and Experience
- Reporting & Communication.
- Web Apps automatic and manual testing.
- API Security automatic and manual testing.
- Web App Security Standards knowledge.
- Network & Infrastructure security testing.
- Active Directory automatic and manual testing.
- Cloud Security testing and configuration review.
- Mobile application manual and automatic testing.
- Source Code Review.
- Scripting & Automation.
- Exploitation - PoC development, exploit adaptation, post-exploitation hygiene.
- Vulnerability Validation - Evidence quality, reproducibility, false-positive elimination.
- Remediation Guidance - Secure fixes, compensating controls, validation strategy.
- Threat Thinking - Attack path modeling, chaining, prioritization by impact/likelihood.
- Ethics & Safety - Safe testing, non-disruptive exploitation, data handling.
Qualifications
Education
- Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field, or equivalent practical experience in penetration testing / offensive security.
Training
- Formal training or demonstrated proficiency in penetration testing methodologies and tooling across common domains (web applications/APIs, networks, systems).
- Working knowledge of secure development concepts and vulnerability classes (e.g., OWASP Top 10, authentication/authorization, input validation, cryptography basics).
- Base knowledge from at least one of the following areas: Active Directory, Cloud Security (AWS/Azure/GCP), Mobile Security (Android/iOS), Red Teaming/Adversary Simulation, Exploit Development Fundamentals, Secure Code Review.
Languages
- English: professional working proficiency (written and spoken), including the ability to produce clear, client-ready reports.
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values-driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.