Infoplus Technologies UK Ltd
Role: Penetration tester/Pen tester Location: London, UK (Hybrid) Inside IR35 Contract (6months +) The Role Performs manual and automated penetration tests on networks, systems, web applications, and endpoints. Identifies, exploits, and documents security vulnerabilities to assess an organization's risk exposure. Develops detailed reports with findings, impact analysis, and actionable remediation re commendations. Simulates real-world attacks to test the effectiveness of existing security controls and incident response. Keeps up to date with the latest vulnerabilities, exploit techniques and penetration testing tools in general and more specific to an airline industry, transportation sector. Your responsibilities: Performing IaC Automation and ServiceNow integrations to automate AWS Service catalogues. Planning and conducting the full-scope penetration tests of applications, APIs, internal infrastructure, networks, cloud environments Perform internal/external network testing, AD enumeration and abuse, privilege escalation Identifying potential weaknesses in systems, networks, and applications through various methods, including automated scanning and manual analysis. Employing the techniques and tools that malicious hackers might use to test the resilience of systems and identify vulnerabilities. Identify flaws such as insecure authentication, authorization bypass, input validation issues, cloud misconfigurations, AD misuses, etc. Create detailed reports, providing actionable advice to clients on how to address the identified vulnerabilities and improve their security posture; outlining identified vulnerabilities, their potential impact, and recommended remediation steps: including executive summaries and technical findings Collaborate with development, cloud, and infrastructure teams on remediation Test and review cloud security (AWS/Azure/GCP): IAM, storage, networking, etc. Your Profile Essential skills/knowledge/experience: Strong application security background (OWASP Top 10, API security) 3-7+ years in penetration testing, red teaming, or offensive security Proven experience conducting end-to-end pentests (internal, external, cloud, AD, web app, API) Familiarity with common pentest reporting formats (CVSS, MITRE ATT&CK mapping) Experience working in both waterfall and agile environments Comfort with NDA-restricted, compliance-driven, or sensitive environments Strong reporting skills for both technical and executive audiences Familiarity with cryptographic principles and techniques. Ability to write scripts (Python, Shell, Bash) for automation and exploit development. Infrastructure: Windows, Linux, Active Directory, Entra ID/Azure AD, VPNs, VLANs Cloud Platforms: AWS, Azure, GCP Security Tools: o Recon & Infra: Nmap, Nessus, Masscan, Amass, Recon-ng o Exploitation: Metasploit, ExploitDB, Cobalt Strike, Empire, Mimikatz o Web App Tools: Burp Suite, ZAP, Nikto, SQLmap o Cloud Tools: ScoutSuite, CloudSploit, Pacu Desirable skills/knowledge/experience: Exceptional Customer engagement and reporting skills. Exceptional analytical, problem-solving, and troubleshooting abilities. Proven use of modern security tooling in real-world projects Experience in agile delivery teams and cross-functional collaboration Comfortable documenting technical findings and engaging in remediation cycles Nice to Have Certifications (not mandatory): o OSCP, OSWA, OSEP, OSCE, CRTP, CRTE, GPEN, GXPN, eCPPT o AWS or Azure Security certs o Advanced AD/cloud/red teaming trainings (eg, SANS, HackTheBox Pro Labs)
Role: Penetration tester/Pen tester Location: London, UK (Hybrid) Inside IR35 Contract (6months +) The Role Performs manual and automated penetration tests on networks, systems, web applications, and endpoints. Identifies, exploits, and documents security vulnerabilities to assess an organization's risk exposure. Develops detailed reports with findings, impact analysis, and actionable remediation re commendations. Simulates real-world attacks to test the effectiveness of existing security controls and incident response. Keeps up to date with the latest vulnerabilities, exploit techniques and penetration testing tools in general and more specific to an airline industry, transportation sector. Your responsibilities: Performing IaC Automation and ServiceNow integrations to automate AWS Service catalogues. Planning and conducting the full-scope penetration tests of applications, APIs, internal infrastructure, networks, cloud environments Perform internal/external network testing, AD enumeration and abuse, privilege escalation Identifying potential weaknesses in systems, networks, and applications through various methods, including automated scanning and manual analysis. Employing the techniques and tools that malicious hackers might use to test the resilience of systems and identify vulnerabilities. Identify flaws such as insecure authentication, authorization bypass, input validation issues, cloud misconfigurations, AD misuses, etc. Create detailed reports, providing actionable advice to clients on how to address the identified vulnerabilities and improve their security posture; outlining identified vulnerabilities, their potential impact, and recommended remediation steps: including executive summaries and technical findings Collaborate with development, cloud, and infrastructure teams on remediation Test and review cloud security (AWS/Azure/GCP): IAM, storage, networking, etc. Your Profile Essential skills/knowledge/experience: Strong application security background (OWASP Top 10, API security) 3-7+ years in penetration testing, red teaming, or offensive security Proven experience conducting end-to-end pentests (internal, external, cloud, AD, web app, API) Familiarity with common pentest reporting formats (CVSS, MITRE ATT&CK mapping) Experience working in both waterfall and agile environments Comfort with NDA-restricted, compliance-driven, or sensitive environments Strong reporting skills for both technical and executive audiences Familiarity with cryptographic principles and techniques. Ability to write scripts (Python, Shell, Bash) for automation and exploit development. Infrastructure: Windows, Linux, Active Directory, Entra ID/Azure AD, VPNs, VLANs Cloud Platforms: AWS, Azure, GCP Security Tools: o Recon & Infra: Nmap, Nessus, Masscan, Amass, Recon-ng o Exploitation: Metasploit, ExploitDB, Cobalt Strike, Empire, Mimikatz o Web App Tools: Burp Suite, ZAP, Nikto, SQLmap o Cloud Tools: ScoutSuite, CloudSploit, Pacu Desirable skills/knowledge/experience: Exceptional Customer engagement and reporting skills. Exceptional analytical, problem-solving, and troubleshooting abilities. Proven use of modern security tooling in real-world projects Experience in agile delivery teams and cross-functional collaboration Comfortable documenting technical findings and engaging in remediation cycles Nice to Have Certifications (not mandatory): o OSCP, OSWA, OSEP, OSCE, CRTP, CRTE, GPEN, GXPN, eCPPT o AWS or Azure Security certs o Advanced AD/cloud/red teaming trainings (eg, SANS, HackTheBox Pro Labs)
Stott and May
Internal Pen Tester Location: London (Hybrid - 2/3 days in office) Contract Length: 6 months Rate: £420 per day - Inside IR35 The Role We are seeking an Internal Penetration Tester to join on a 6-month contract. You will carry out advanced penetration testing across applications, APIs, internal infrastructure, networks, and cloud environments. The role involves simulating real-world attacks, identifying vulnerabilities, and providing clear remediation guidance to improve overall security posture. Key Responsibilities Conduct full-scope penetration tests of applications, APIs, networks, cloud, and internal infrastructure. Perform network testing, Active Directory enumeration/abuse, and privilege escalation. Identify weaknesses in authentication, authorization, input validation, and cloud/AD configurations. Simulate attacker techniques to test system resilience. Produce clear reports for both technical and executive audiences, including remediation advice. Collaborate with development, cloud, and infrastructure teams to close vulnerabilities. Candidate Profile Essential Skills & Experience 3-7+ years in penetration testing, red teaming, or offensive security. Strong application security knowledge (OWASP Top 10, API security). Hands-on experience in end-to-end pentests (internal, external, cloud, AD, web app, API). Strong Scripting skills (Python, Shell, Bash). Comfortable with Windows, Linux, Active Directory, Azure AD/Entra ID. Cloud platforms: AWS, Azure, GCP. Practical knowledge of tools such as Nmap, Nessus, Metasploit, Burp Suite, SQLmap, ScoutSuite, Pacu. Desirable Excellent client communication and reporting skills. Security certifications (eg OSCP, OSEP, GPEN, eCPPT, AWS/Azure Security). Strong analytical and problem-solving skills.
Internal Pen Tester Location: London (Hybrid - 2/3 days in office) Contract Length: 6 months Rate: £420 per day - Inside IR35 The Role We are seeking an Internal Penetration Tester to join on a 6-month contract. You will carry out advanced penetration testing across applications, APIs, internal infrastructure, networks, and cloud environments. The role involves simulating real-world attacks, identifying vulnerabilities, and providing clear remediation guidance to improve overall security posture. Key Responsibilities Conduct full-scope penetration tests of applications, APIs, networks, cloud, and internal infrastructure. Perform network testing, Active Directory enumeration/abuse, and privilege escalation. Identify weaknesses in authentication, authorization, input validation, and cloud/AD configurations. Simulate attacker techniques to test system resilience. Produce clear reports for both technical and executive audiences, including remediation advice. Collaborate with development, cloud, and infrastructure teams to close vulnerabilities. Candidate Profile Essential Skills & Experience 3-7+ years in penetration testing, red teaming, or offensive security. Strong application security knowledge (OWASP Top 10, API security). Hands-on experience in end-to-end pentests (internal, external, cloud, AD, web app, API). Strong Scripting skills (Python, Shell, Bash). Comfortable with Windows, Linux, Active Directory, Azure AD/Entra ID. Cloud platforms: AWS, Azure, GCP. Practical knowledge of tools such as Nmap, Nessus, Metasploit, Burp Suite, SQLmap, ScoutSuite, Pacu. Desirable Excellent client communication and reporting skills. Security certifications (eg OSCP, OSEP, GPEN, eCPPT, AWS/Azure Security). Strong analytical and problem-solving skills.
