AdvertPeople make Sage great. From our colleagues delivering ground-breaking solutions to the customers who use them : people have helped us grow for more than thirty years, and people are driving our future as a great SaaS company.
We’re writing our next chapter. Be part of it!
Experience has taught us that when our customers thrive, we thrive. As a team, we always start with what customers need.
Through the good and more challenging times. Innovating at pace so customers can manage their finances, operations and people.
Every one of us shapes our culture at Sage - doing what’s right and succeeding together, united by our commitment to each other.
We encourage each other to grow in our roles, in our careers and as individuals.
Follow us on our social media sites below to join in conversations about career tips, open positions and company news! #lifeatsage #sagecareers.
If you would like support with your application (or require any adjustments) please contact us at for assistance. All qualified applicants will be thoughtfully considered and never discriminated against based on their race, color, age, religion, sexual orientation, gender identity, national origin, disability or veteran status.
Job DescriptionTo be the team lead and deliver offensive security testing across Sage covering red teaming (including social engineering and physical tactics), penetration testing (including web, APIs, mobile, and infrastructure) and bug bounty programme support (including triage and verification).
As well as this you will need to carry out purple teaming to ensure that Sage teams properly understand vulnerabilities that are found and implement both effective fixes and detection via our SOC.
You will continually maintain and improve the skills, tools, processes and approaches of the Offensive Security Team to meet the evolving threat.
The ultimate goal is to drive continual improvement in the security of our products, systems and behaviours.Key ResponsibilitiesKey accountabilities and decision ownership :
Maintaining own skills and knowledge, and mentoring team members, to ensure alignment with recognised industry standards, levels of competence and emerging threats, vulnerabilities and techniques
Contributing to the development and continual improvement of methodologies, standards, tools and approaches for the team
Managing team workload to ensure delivery to expected quality and timescales
Performing a range of offensive security tactics and techniques including infrastructure testing, web and mobile application penetration testing and social engineering (including physical access)
Scoping penetration tests to be performed by external suppliers. Assessing supplier performance against desired service levels and value for money
Working with Sage teams to fix identified vulnerabilities ensuring they fully understand the issues found and how to fix them
Analysis of vulnerabilities and other findings to identify systemic weaknesses and drive continual improvement in products, systems and behaviours as part of our Information Security Management System, aligned to ISO27001
Publishing blogs / articles and representing Sage at external events to establish us as a recognised centre of excellence for security.
Skills, know-how and experience :
Must have :
Experience of team leadership or leading engagements
Experience of red teaming, including a wide variety of attack simulation tactics and techniques
Experience of penetration testing covering web, API, mobile applications, infrastructure and social engineering (including physical access)
Experience with security tools such as Metasploit, Kali Linux, Nmap, Burp Suite
Good knowledge of CWE, CVSS and MITRE ATT&CK TTPs
Good verbal and written communication skills
Experience of working with geographically dispersed teams
Knowledge of scripting or software / tools development
Experience in ISO27001, PCI, OWASP ASVS or similar standards
Experience of working with suppliers to scope effective penetration tests.
Experience of purple teaming
Experience working in an agile, DevOps / DevSecOps environment.
Technical / professional qualifications :
CHECK Team Leader, CREST CCT, Tiger Scheme Senior Tester or similar.