Description
The role
We are looking for technically gifted and strategically minded Penetration Testers to deliver and lead offensive security engagements across diverse environments. You'll simulate sophisticated attack scenarios, uncover vulnerabilities, and provide strategic recommendations that help our clients reduce risk and enhance their overall security posture.
As a Senior Consultant or Manager, you'll assess infrastructures, applications, and cloud environments through ethical hacking engagements and work closely with clients to strengthen their resilience against evolving cyber threats.
Key Responsibilities
1. Plan, execute, and report on penetration testing engagements across network infrastructure, web and mobile applications, cloud environments, and APIs.
2. Deliver advanced threat emulation, social engineering, and red/purple team assessments, including Threat-Led Penetration Testing (TLPT) and TIBER exercises.
3. Analyse and communicate technical findings clearly, providing actionable recommendations tailored for both technical and executive stakeholders.
4. Provide strategic remediation advice to help clients address vulnerabilities and build long-term resilience.
5. Collaborate with internal threat intelligence, incident response, and governance teams to provide holistic cyber defence solutions.
6. Develop and enhance custom tools, scripts, and proof-of-concepts to improve testing effectiveness.
7. Contribute to knowledge sharing, methodology development, and team mentoring, depending on seniority.
8. Support business development initiatives through proposal input, presentations, or technical scoping discussions (Senior Consultant level).
Skills & Experience
9. Bachelor's degree in Computer Science, Cybersecurity, or a related discipline (or equivalent practical experience).
10. 3+ (5+ for Manager) years of hands-on penetration testing or offensive security experience.
11. Proficiency with tools such as Burp Suite, Nmap, Metasploit, Cobalt Strike, Nessus, and similar toolsets.
12. Deep understanding of common attack vectors, including OWASP Top 10, MITRE ATT&CK, and cloud-specific threat models.
13. Strong scripting capability in Python, PowerShell, or similar languages.
14. Relevant certifications such as OSCP, OSCE, CREST CRT/CCT, GPEN, or equivalent industry-recognised credentials.
Desired Skills
15. Experience testing cloud platforms (AWS, Azure, GCP) and container environments (Docker, Kubernetes).
16. Proven ability to lead client workshops, present findings, and manage sensitive or complex client discussions.
17. Familiarity with compliance frameworks and regulations such as PCI-DSS, ISO 27001, NIST, DORA, and NIS2.
18. Excellent report writing and communication skills, with the ability to translate technical findings into actionable insights for business leaders.
#LI-RM1