Penetration Tester
We are looking for a driven and skilled Penetration Tester to join our team of existing security specialists. This role is for a seasoned professional, responsible for executing comprehensive testing, identifying and reporting vulnerabilities across our wide client base.
The ideal candidate will be a proactive problem-solver with a strong technical background and a proven track record of operating as a dedicated penetration tester within a cyber-security-focused department or company. Applicants should have a strong understanding of common security issues and concepts such as the OWASP Top Ten, common pentesting/vulnerability assessment tools, and a passion for delivering results.
This position requires a high degree of autonomy in executing tasks while contributing to the team's overall expertise and effectiveness.
Primary Role Responsibilities:
Conduct Structured Testing to Identify Security Vulnerabilities:
Consistently complete methodology-driven penetration tests within allocated timeframes and to a quality standard that passes all internal QA checks, aiming for a utilization rate of 80%.
Troubleshooting and Escalation:
Promptly raise technical blockers or concerns with Technical Pentest Managers (TPMs) and work proactively to resolve them, adhering to the principle of 'do no harm' to client systems.
Specialist Expertise:
Maintain up-to-date knowledge within a specific area of expertise and routinely update associated methodologies to reflect current best practices and threat landscapes.
Cross-Training:
Serve as a secondary point of contact on at least one other testing methodology to support the primary in cases of absence or unavailability.
Submission Triage:
Analyse, reproduce and assign severity of vulnerabilities as part of our in-house triage process for security submissions raised by the wider Crowd of testers.
Working Hours:
Be able to execute testing within UK core business hours (09:00 - 17:30 GMT). Some tests may fall outside of these hours, but the majority of tests will need to be completed within this timeframe.
Desired Skills & Experience:
Experience: 2 - 3+ years of proven experience in conducting penetration tests and a track record of delivering high-quality, reliable results alongside a strong understanding of wider cybersecurity concepts and best practices.
Technical Skills: Familiarity with commonly used command-line tools (e.g. Bash, SSH, grep, etc.), security testing tools (e.g. BurpSuite, Postman, Nmap, Kali, Metasploit, etc.) and approaches to penetration testing activities.
Technical Knowledge: Ability to explain common security vulnerabilities - at a minimum, the OWASP Top Ten, but ideally beyond.
Soft Skills:
Ability to translate technical concepts and security vulnerabilities into business risks for associated (non-technical) stakeholders, as well as explain them to more junior teammates.
Has an appetite for assertive conversations amongst stakeholders to drive project outcomes and deliverables.
Strong written and spoken business English (C1+ or native fluency).
Certifications: Certifications such as OSCP(+) (Offensive Security Certified Professional), OSWE (OffSec Web Expert), CRT (CREST Registered Penetration Tester), etc. are considered a plus.
Working Conditions and Physical Requirements
The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.
Sitting and / or standing - Must be able to remain in a stationary position 50% of the time.
Carrying and / or lifting - Must be able to carry / move laptop as needed throughout the workday.
Environment - remote, work-from-home 100% of the time.
