UBS
Your role 
Do you have experience in performing penetration testing? Do you like to test complex applications and find ways around security controls? Do you have proven ability to report and to provide guidance for software teams to remediate vulnerabilities?
 
We're looking for a penetration tester to:
•perform penetration testing against critical infrastructure (e.g. Active Directory, LDAP, DNS)
•assess operating system hardening (Windows/Linux/Unix), identifying misconfigurations, privilege escalation paths, and missing baseline controls
•perform penetration testing against web, thick-client and mobile applications
•identify and report vulnerabilities using common methodologies & communicate with application teams on how to remediate certain vulnerabilities
•participate in process improvements and automation
•perform technical QAs, including false-positive analysis and risk rating reviews
Your team
You will be part of the Application Security Testing team, which operates across multiple regions and supports the Application Security Framework. This role is essential to our Technology Services, particularly in the area of Application Security Testing.
As a penetration tester, you will play a crucial role in identifying and reporting vulnerabilities within critical UBS applications, including key public banking platforms. You will work closely with application teams to define the scope of work and execute your tests in a responsible manner. Utilizing the latest technologies and tools, you will detect emerging vulnerabilities and risks that could potentially compromise our bank. Furthermore, you will contribute to the enhancement and automation of internal processes and perform technical quality assurance on internal tests conducted.
Your expertise
•ideally, 3+ years of hands-on experience in penetration testing web, thick-client and mobile applications.
•strong hands-on experience with Active Directory exploitation and post-exploitation techniques.
•solid knowledge of network protocols, Windows and Linux internals, DNS, SMB, LDAP, and Kerberos.
•experience with OS hardening assessment tools and frameworks (e.g., CIS Benchmarks, Lynis, Microsoft Security Baselines).
•track record of explaining technical issues to application teams and assisting them in resolving issues
•confident communicator that can explain technology to non-technical audiences
•ability to properly document vulnerabilities and to produce penetration test report
•ideally certifications in cyber security area, such as OSWE, OSCP, CompTIA Security+, Burp Suite Certified Practitioner
"At UBS, we appreciate our Veterans and are committed to providing opportunities in Financial Services."
*LI-UBS
*UBS-MOGUL
About us
UBS is the world's largest and the only truly global wealth manager. We operate through four business divisions: Global Wealth Management, Personal & Corporate Banking, Asset Management and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors.
We have a presence in all major financial centers in more than 50 countries.
Join us
At UBS, we know that it's our people, with their diverse skills, experiences and backgrounds, who drive our ongoing success. We're dedicated to our craft and passionate about putting our people first, with new challenges, a supportive team, opportunities to grow and flexible working options when possible. Our inclusive culture brings out the best in our employees, wherever they are on their career journey. And we use artificial intelligence (AI) to work smarter and more efficiently. We also recognize that great work is never done alone. That's why collaboration is at the heart of everything we do. Because together, we're more than ourselves.
We're committed to disability inclusion and if you need reasonable accommodation/adjustments throughout our recruitment process, you can always contact us.
Do you have experience in performing penetration testing? Do you like to test complex applications and find ways around security controls? Do you have proven ability to report and to provide guidance for software teams to remediate vulnerabilities?
We're looking for a penetration tester to:
•perform penetration testing against critical infrastructure (e.g. Active Directory, LDAP, DNS)
•assess operating system hardening (Windows/Linux/Unix), identifying misconfigurations, privilege escalation paths, and missing baseline controls
•perform penetration testing against web, thick-client and mobile applications
•identify and report vulnerabilities using common methodologies & communicate with application teams on how to remediate certain vulnerabilities
•participate in process improvements and automation
•perform technical QAs, including false-positive analysis and risk rating reviews
Your team
You will be part of the Application Security Testing team, which operates across multiple regions and supports the Application Security Framework. This role is essential to our Technology Services, particularly in the area of Application Security Testing.
As a penetration tester, you will play a crucial role in identifying and reporting vulnerabilities within critical UBS applications, including key public banking platforms. You will work closely with application teams to define the scope of work and execute your tests in a responsible manner. Utilizing the latest technologies and tools, you will detect emerging vulnerabilities and risks that could potentially compromise our bank. Furthermore, you will contribute to the enhancement and automation of internal processes and perform technical quality assurance on internal tests conducted.
Your expertise
•ideally, 3+ years of hands-on experience in penetration testing web, thick-client and mobile applications.
•strong hands-on experience with Active Directory exploitation and post-exploitation techniques.
•solid knowledge of network protocols, Windows and Linux internals, DNS, SMB, LDAP, and Kerberos.
•experience with OS hardening assessment tools and frameworks (e.g., CIS Benchmarks, Lynis, Microsoft Security Baselines).
•track record of explaining technical issues to application teams and assisting them in resolving issues
•confident communicator that can explain technology to non-technical audiences
•ability to properly document vulnerabilities and to produce penetration test report
•ideally certifications in cyber security area, such as OSWE, OSCP, CompTIA Security+, Burp Suite Certified Practitioner
"At UBS, we appreciate our Veterans and are committed to providing opportunities in Financial Services."
*LI-UBS
*UBS-MOGUL
About us
UBS is the world's largest and the only truly global wealth manager. We operate through four business divisions: Global Wealth Management, Personal & Corporate Banking, Asset Management and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors.
We have a presence in all major financial centers in more than 50 countries.
Join us
At UBS, we know that it's our people, with their diverse skills, experiences and backgrounds, who drive our ongoing success. We're dedicated to our craft and passionate about putting our people first, with new challenges, a supportive team, opportunities to grow and flexible working options when possible. Our inclusive culture brings out the best in our employees, wherever they are on their career journey. And we use artificial intelligence (AI) to work smarter and more efficiently. We also recognize that great work is never done alone. That's why collaboration is at the heart of everything we do. Because together, we're more than ourselves.
We're committed to disability inclusion and if you need reasonable accommodation/adjustments throughout our recruitment process, you can always contact us.