About the Role
Great role for an experienced Senior Penetration Tester to join a growing security consultancy and play a key role in delivering high‑quality, security testing across a wide range of environments.
This role is suited to someone who enjoys being hands‑on, is comfortable leading engagements end‑to‑end and takes pride in producing clear, defensible findings that help organisations reduce real security risk. You will work closely with technical teams and stakeholders to test applications and infrastructure, explain risk in practical terms, and support effective remediation.
What You’ll Be Doing
- Plan, scope, and deliver manual penetration testing engagements across web applications, APIs, infrastructure and cloud environments.
- Lead testing activities from initial scoping through execution, reporting and client or stakeholder read‑outs.
- Identify, validate and exploit security weaknesses using a combination of tooling and manual techniques.
- Clearly document findings, impact and remediation guidance in high‑quality technical and non‑technical reports.
- Communicate risk effectively to a range of audiences, including engineers, product owners and non‑technical stakeholders.
- Support remediation efforts by working collaboratively with development, infrastructure and security teams.
- Contribute to internal quality assurance, peer review and continuous improvement of testing methodologies.
- Share knowledge within the team through mentoring, tooling contributions and technical discussions.
- Maintain awareness of emerging attack techniques, vulnerabilities and defensive controls relevant to modern environments.
What you’ll need
- Hands‑on penetration testing experience, delivering tests across multiple environments
- Strong understanding of web application and infrastructure security, including common attack vectors and misconfigurations.
- Confidence using industry‑standard tools such as Burp Suite, Nmap, Metasploit, and similar assessment tooling.
- Ability to perform manual testing beyond automated findings, including business logic flaws and chained vulnerabilities.
- Strong communication skills and confidence discussing security risk with non‑technical audiences.
- A methodical, ethical approach to testing and handling sensitive information.
Desirable but not essential
- Experience testing mobile applications, cloud‑native architectures, or containerised environments.
- Scripting or programming experience (e.g. Python, Bash, PowerShell) to support testing or automation.
- Involvement in internal research, tooling development, or methodology improvement.
- Relevant industry certifications such as OSCP, CREST CRT, or equivalent.
- Experience supporting compliance‑driven testing (e.g. Cyber Essentials Plus or similar).
Interested?
Apply now for more information!