Posted at: 28 October

Penetration Tester

Company

Bugcrowd

Bugcrowd is a San Francisco-based B2B crowdsourced security platform specializing in bug bounty programs and penetration testing, serving various industries globally.

Remote Hiring Policy:

Bugcrowd supports remote work and hires globally, with team members located in various regions including the United States, Australia, and the UK.

Job Type

Full-time

Allowed Applicant Locations

United Kingdom

Job Description

We are looking for a driven and skilled Penetration Tester to join our team of existing security specialists. This role is for a seasoned professional, responsible for executing comprehensive testing, identifying and reporting vulnerabilities across our wide client base. 

The ideal candidate will be a proactive problem-solver with a strong technical background and a proven track record of operating as a dedicated penetration tester within a cyber security focused department or company. Applicants should have a strong understanding of common security issues and concepts such as the OWASP Top Ten, common pentesting/vulnerability assessment tools, and a passion for delivering results.

This position requires a high degree of autonomy in executing tasks while contributing to the team's overall expertise and effectiveness.

Primary Role Responsibilities:

  • Conduct Structured Testing to Identify Security Vulnerabilities:

    • Consistently complete methodology-driven penetration tests within allocated timeframes and to a quality standard that passes all internal QA checks, aiming for a utilization rate of 80%.

  • Troubleshooting and Escalation:

    • Promptly raise technical blockers or concerns with Technical Pentest Managers (TPMs) and work proactively to resolve them, adhering to the principle of "do no harm" to client systems.

  • Specialist Expertise:

    • Maintain up-to-date knowledge within a specific area of expertise and routinely update associated methodologies to reflect current best practices and threat landscapes.

  • Cross-Training:

    • Serve as a secondary point of contact on at least one other testing methodology to support the primary in cases of absence or unavailability.

  • Submission Triage:

    • Analyse, reproduce and assign severity to vulnerabilities as part of our in-house triage process for security submissions raised by the wider Crowd of testers.

  • Working Hours:

    • Be able to execute testing within UK core business hours (09:00 - 17:30 GMT). Some tests may fall outside of these hours, but the majority of tests will need to be completed within this timeframe.

Desired Skills & Experience:

  • Experience: 2 - 3+ years of proven experience in conducting penetration tests and a track record of delivering high-quality, reliable results alongside a strong understanding of wider cybersecurity concepts and best practices.

  • Technical Skills: Familiarity with commonly used command line tools (e.g. Bash, SSH, grep), security testing tools (e.g. Burp Suite, Postman, Nmap, Kali, Metasploit) and a structured approach to penetration testing activities.

  • Technical Knowledge: Ability to explain common security vulnerabilities - at a minimum, the OWASP top ten, but ideally beyond.

  • Soft Skills: 

    • Ability to translate technical concepts and security vulnerabilities into business risks for associated (non-technical) stakeholders, as well as explain them to more junior teammates.

    • Has an appetite for assertive conversations amongst stakeholders to drive project outcomes and deliverables.

    • Strong written and spoken business English (C1+ or native fluency).

  • Certifications: Certifications such as OSCP(+) (Offensive Security Certified Professional), OSWE (OffSec Web Expert), CRT (CREST Registered Penetration Tester), etc. are considered a plus.

Working Conditions and Physical Requirements

  • The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.

  • Sitting and / or standing - Must be able to remain in a stationary position 50% of the time

  • Carrying and / or lifting - Must be able to carry / move laptop as needed throughout the work day.

  • Environment - remote, work-from-home 100% of the time.