Penetration Tester
Description:
We are looking for a certified Penetration Tester to join our client’s cybersecurity team and help safeguard critical systems through simulated attacks and red team assessments. You’ll be responsible for identifying vulnerabilities across networks, applications, and cloud infrastructure and providing actionable insights to reduce risk exposure.
Ideal candidates have deep experience in offensive security. Testing, a strong understanding of exploits and security protocols, and a drive to continuously evolve with today’s fast-moving threat landscape.
Job Responsibilities
Plan, execute, and report on penetration tests across networks, web applications, APIs, mobile, and cloud environments
Conduct red team engagements, including simulated phishing, social engineering, and physical security assessments
Identify, document, and prioritise vulnerabilities and misconfigurations
Use both manual techniques and automated tools (e.g., Burp Suite, Metasploit, Nmap)
Collaborate with blue team and remediation teams to harden systems
Produce detailed technical reports and executive summaries for stakeholders
Stay up to date with the latest exploits, vulnerabilities (CVEs), and threat actor tactics
Requirements
Required Skills
Strong proficiency in penetration testing tools (e.g., Kali Linux, Burp Suite, Metasploit, Nmap, Wireshark)
Experience with OWASP Top 10, vulnerability scanning, and exploit development
Familiarity with MITRE ATT&CK framework and red team methodology
Solid knowledge of TCP/IP, firewalls, DNS, HTTP/HTTPS, and encryption protocols
Strong reporting and communication skills
At least one industry certification (OSCP, CEH, CREST CRT, or similar)
Desired Skills
Scripting skills in Python, PowerShell, or Bash
Experience with cloud security testing (AWS, Azure, GCP)
Familiarity with CI/CD environments and DevSecOps
Exposure to purple teaming or adversary emulation
Knowledge of physical security and social engineering tactics
Benefits
Job Benefits
Competitive salary + performance bonus
Paid training and certification reimbursement (OSCP, CREST, etc.)
25 days holiday + bank holidays
Private healthcare + mental health support
Fully remote or hybrid working options
Company-funded attendance at security conferences (DEF CON, Black Hat, etc.)