Penetration Tester

Role Overview

We are seeking an experienced Penetration Tester to assess, test, and improve the security posture of client and internal systems, applications, networks, and cloud environments. The successful candidate will have hands-on industry experience in offensive security, vulnerability assessment, exploitation techniques, and security reporting, supported by relevant professional certifications.

This role is suited to someone who can think like an attacker, communicate clearly with technical and non-technical stakeholders, and help teams remediate security weaknesses effectively.

Key Responsibilities

• Plan and conduct penetration tests across web applications, APIs, infrastructure, cloud environments, wireless networks, and internal systems.
• Identify, validate, and safely exploit security vulnerabilities using industry-standard tools and manual testing techniques.
• Perform vulnerability assessments, security reviews, configuration reviews, and attack path analysis.
• Produce clear, accurate, and actionable penetration testing reports, including technical findings, risk ratings, evidence, business impact, and remediation guidance.
• Present findings to technical teams, senior stakeholders, and clients where required.
• Support remediation activities by advising engineering, IT, DevOps, and security teams.
• Conduct retesting to confirm vulnerabilities have been resolved.
• Maintain awareness of emerging threats, vulnerabilities, exploit techniques, and attacker tradecraft.
• Contribute to the continuous improvement of testing methodologies, tooling, templates, and internal knowledge bases.
• Ensure all testing is conducted safely, ethically, and within agreed scope, rules of engagement, and legal requirements.

Required Skills and Experience

• Proven industry experience in penetration testing, red teaming, vulnerability assessment, or offensive security.
• Strong understanding of common vulnerability classes, including OWASP Top 10, authentication flaws, access control issues, injection attacks, insecure configuration, privilege escalation, and lateral movement.
• Experience testing web applications, APIs, internal and external networks, Active Directory environments, and cloud platforms.
• Familiarity with common security tools such as Burp Suite, Nmap, Nessus, Metasploit, BloodHound, Wireshark, Kali Linux, and similar offensive security tooling.
• Ability to manually validate vulnerabilities rather than relying solely on automated scanning tools.
• Strong knowledge of networking, operating systems, identity and access management, encryption, and secure architecture principles.
• Experience writing professional penetration testing reports with practical remediation recommendations.
• Good understanding of risk assessment, CVSS, threat modelling, and security control effectiveness.
• Ability to manage multiple engagements and work independently or as part of a team.
• Strong written and verbal communication skills.

Certifications

Candidates should hold, or be working towards, relevant industry certifications such as:

• OSCP, OSEP, OSWE, or other Offensive Security certifications
• CREST Registered Tester, CREST Certified Tester, or equivalent
• GIAC certifications such as GPEN, GWAPT, GXPN, or GCIH
• CompTIA PenTest+
• CISSP, CISM, or similar security certifications would be advantageous

Desirable Skills

• Knowledge of MITRE ATT&CK, cyber kill chain methodology, and threat-led testing.
• Experience testing cloud environments such as AWS, Azure, or Google Cloud Platform.
• Experience with container, Kubernetes, CI/CD, or DevSecOps security assessments.
• Scripting or programming ability in Python, Bash, PowerShell, JavaScript, Go, or similar.
• Experience with mobile application testing for iOS and Android.
• Familiarity with regulatory or assurance frameworks such as PCI DSS, ISO 27001, NIST, Cyber Essentials, or SOC 2.
• Experience with red team operations, adversary simulation, social engineering, or physical security testing.
• Experience mentoring junior testers or contributing to internal security capability development.

Personal Attributes

• Ethical, responsible, and professional approach to security testing.
• Curious mindset with a strong interest in offensive security and continuous learning.
• Analytical and methodical approach to problem-solving.
• Able to explain complex technical issues in clear, practical language.
• Strong attention to detail and commitment to high-quality deliverables.
• Comfortable working under time constraints and within defined testing scopes.