We are seeking a motivated and skilled Mid-Level Penetration Tester with 2 or more years of commercial experience in delivering application security assessments, as well as internal and external infrastructure security assessments.
Additional exposure to other engagement types is beneficial.
This role is ideal for someone looking to deepen their expertise in cybersecurity while working on varied and challenging projects, with early-career exposure to red team engagements.
This is an ideal opportunity for a skilled penetration tester to join a newly provisioned service, with opportunities to assist with the evolution and further development of the service.
The successful candidate will play a key role in assessing and improving our clients' security postures, working with a diverse portfolio of organisations across various sectors.

Key Responsibilities
Perform application security assessments, identifying vulnerabilities and delivering actionable recommendations.
Conduct internal and external infrastructure security assessments, simulating real-world attack scenarios to uncover security gaps.
Create detailed, professional, and actionable security reports tailored to technical and non-technical stakeholders.
Collaborate with clients to understand their unique security challenges and provide tailored solutions.
Stay updated with the latest vulnerabilities, exploits, and industry trends.
Participate in knowledge-sharing and contribute to team improvements and methodologies.

Essential Skills and Experience
Approximately 2 years of hands-on commercial experience in penetration testing or a similar role.
Proven experience conducting:
Application security assessments.
Internal and external infrastructure security assessments.
Familiarity with common penetration testing tools and frameworks (e.g., Burp Suite, Metasploit, Nmap, Wireshark, Nessus).
Strong understanding of security principles, OWASP Top 10, and MITRE ATT&CK.
Excellent verbal and written communication skills, with the ability to articulate technical findings to varied audiences.

Desirable (Certifications)
CREST CPSA (Practitioner Security Analyst)
CREST CRT (Registered Tester)
Cyber Scheme certifications
CompTIA Pentest
Certified Ethical Hacker (CEH)
Certified Red Team Operator (CRTO)

Additional Skills
Scripting experience (e.g., Python, Bash, PowerShell) is advantageous
Experience with cloud security assessments (AWS, Azure, or GCP) is a plus

What We Offer
Competitive salary and benefits package
Opportunities for professional development, including support for certifications
A dynamic and supportive team environment
Exposure to diverse and challenging projects
Flexible working arrangements where possible
Early career exposure to Red Team engagements such as physical intrusion simulation
Self-development/shadowing/training time