Senior Penetration Tester

  • 4Square Recruitment Ltd
  • Leeds, Yorkshire
  • Sep 11, 2025
  • Full time
  • Telecommunications

Job Description

Location: Fully Remote (UK-Based)

Salary Range: £50,000 - £85,000 (dependent on experience)

Position: Permanent, Full-Time

My client is a dynamic and growing cybersecurity consultancy dedicated to providing top-tier security services to a diverse range of clients. They believe in empowering the team with the flexibility of remote work while tackling challenging and engaging projects that make a real difference to their clients' security posture.

The Role

We are seeking a highly skilled and motivated Senior Penetration Tester to join our remote team. You will be responsible for leading and executing complex penetration tests against a variety of systems, networks, and applications. The ideal candidate is not just a proficient tester but a critical thinker who can articulate risks clearly and provide pragmatic remediation advice to clients.

Key Responsibilities

  • Plan, lead, and execute sophisticated penetration tests across infrastructure, web applications, APIs, and internal networks.
  • Conduct advanced Red Team exercises to simulate real-world adversary attacks and test organisational defences.
  • Produce high-quality, clear, and concise reports for both technical and executive audiences, detailing findings, risks, and actionable remediation strategies.
  • Mentor and provide guidance to junior members of the team, promoting best practices and knowledge sharing.
  • Collaborate with clients to scope engagements, present findings, and provide expert advice on mitigating identified vulnerabilities.
  • Stay abreast of the latest security vulnerabilities, attack vectors, tools, and methodologies.
  • Contribute to the continuous improvement of our testing methodologies and service offerings.

Essential Skills & Qualifications

  • Must hold active CREST Certified Tester (CRT) certification. (Non-negotiable)
  • Proven commercial experience in a penetration testing role.
  • Deep technical knowledge of networking protocols, operating systems (Windows, Linux), and common infrastructure vulnerabilities.
  • Strong experience in web application penetration testing (OWASP Top 10).
  • Proficiency with common penetration testing tools (e.g., Burp Suite Pro, Metasploit, Nmap, Cobalt Strike, etc.).
  • Excellent written and verbal communication skills, with a proven ability to write detailed technical reports.
  • A proactive and self-motivated attitude, capable of working effectively in a fully remote environment.

Desirable Skills & Qualifications

  • Experience with or knowledge of implementing Cyber Essentials and Cyber Essentials Plus schemes is highly desirable.
  • Additional certifications such as:
      • CREST Certified Simulated Attack Specialist (CCSAS) / Certified Simulated Attack Manager (CCSAM)
      • Offensive Security Certified Professional (OSCP)
      • Certified Information Systems Security Professional (CISSP)
      • SANS GIAC Penetration Tester (GPEN) or Web Application Penetration Tester (GWAPT)
  • Experience in mobile application (iOS/Android) testing, cloud security (AWS/Azure/GCP), or social engineering.
  • Experience scripting in Python, PowerShell, or Bash to develop custom tools or exploits.

What We Offer

  • A competitive salary of £50,000 - £85,000.
  • Fully remote working - work from anywhere in the UK.
  • A supportive and collaborative culture with a strong focus on professional development.