Principal Security Consultant

Our approach helps customers make genuine, significant shifts in their business strategy, to deliver financial savings, boost innovation, and create a resilient business. We continually invest in our people and the latest technologies, so our customers get peace of mind knowing that they have access to the best talent and services.\n\nIn the UK we have over 500 staff working in London, Gloucester, Warrington, Leeds or as homeworkers and 130 staff working for global projects\n\nWorking For Claranet\nHere at Claranet we pride ourselves on going the extra mile for and with our employees (yes, we really mean it). We offer an extensive benefits package that you can tailor to your needs, inclusive of a matching contribution pension scheme, healthcare, insurance, gym and other benefits.\n\nBut what we think makes us different is ‘Team Claranet,’ our dedicated internal part of the business that supports you with matters close to your heart.\n\nOur Vision\nOur vision is to become the most trusted technology solutions partner; renowned for being the best and brightest, having lasting impact with our customers and delivering exceptional returns to our stakeholders.\n\nPosition Summary\nThe Principal Security Consultant is responsible for leading and delivering high-impact security training programs while supporting advanced penetration testing engagements.

This role is primarily focused on building and delivering practical, hands-on training that enhances offensive security capabilities and secure development across client organizations.\n\nThe successful candidate will be passionate about both offensive security and education—capable of not only discovering advanced attack paths but also clearly communicating them through engaging, developer-focused training. Strong client engagement skills are essential, including the ability to deliver strategic security guidance and build long-term relationships through high-quality consulting and training delivery.\n\nOur team is growing, and we are looking for individuals who can help us continue to build a world-class cyber security practice while contributing to the development of our training capabilities and technical excellence.\n\nBased in India, this role will lead penetration testing engagements and deliver training for global clients, working as part of an international team of security consultants who actively collaborate on research, tooling, and knowledge sharing.\n\nAs a respected training provider and a leading contributor to Black Hat conferences, this role provides opportunities to design and deliver training to private clients, at industry events, and at international conferences.\n\nIn addition to delivery, the consultant will play a key role in developing and evolving technical training content, including hands-on labs, vulnerable applications, demonstrations, and course materials aligned with modern attack techniques. The role also involves mentoring junior consultants, contributing to internal capability building, and helping shape the next generation of security testers and trainers within the organization.\n\nCandidates with experience delivering advanced hands-on training, presenting at industry events, or conducting technical workshops are strongly encouraged to apply.\n\nObjectives & Key Results\nThe Principal Security Consultant is a senior member of the Consultancy Team, acting as a trusted advisor, technical leader, and subject matter expert in cybersecurity, with a strong emphasis on delivering and scaling high-impact security training.\nThe key objectives will be to:\nDeliver high-impact security training programs across private clients, public events, and industry conferences, with a focus on Web Security, DevSecOPS and Application Security enabling participants to effectively identify and remediate real-world vulnerabilities\nContinuously develop and enhance training content, labs, and vulnerable applications to reflect the latest offensive security techniques and emerging threats, including AI/LLM\nLead and execute advanced penetration testing engagements across web, mobile, API, secure code review to identifying complex attack paths and security weaknesses\nPerform secure code reviews, including SAST/DAST assessment\nProvide clear, actionable, and risk-based security recommendations to clients, effectively communicating technical findings to both technical and non-technical stakeholders\nBuild and maintain strong client relationships by acting as a trusted security advisor and delivering consistently high-quality consulting and training services\nMentor and develop junior consultants, contributing to internal capability building, knowledge sharing, and the growth of future trainers within the organization\n\nEssential Roles & Responsibilities\nDemonstrated ability to develop and deliver technical security training, including hands-on workshops and lab-based courses for enterprise customers or public audiences\nExperience designing training content, including vulnerable applications, attack labs, demonstrations, and courseware based on real-world penetration testing scenarios\nWork individually or as a part of team delivering security assessments to NotSoSecure clients both remotely and onsite\nPerform web, infrastructure, mobile, AI/LLM penetration testing and secure code reviews\nExploit vulnerabilities identified in client systems and communicate vulnerabilities to customers\nCreate assessment reports explaining technical and business risk of the vulnerabilities discovered including remediation recommendations for the clients\nManage project related tasks as per communicated deadlines\nKeep abreast with latest technology risks and utilise them in projects\nParticipate in project conference calls and lead the technical content on those calls\n\nKey Skills & Requirements\nExtensive experience in Information Security with strong expertise in penetration testing and application security\nEstablished in designing and delivering technical security training for security professionals, developers or DevSecOps\nProven ability to build structured training programs, including hands-on labs, vulnerable applications, and real-world attack simulations\nDemonstrated ability to create structured training programs, including hands-on labs, vulnerable applications, and real-world attack scenarios\nStrong ability to simplify and communicate complex security concepts and vulnerabilities to technical and non-technical audiences\nHands-on expertise in web, API, mobile, and AI/LLM penetration testing, with the ability to demonstrate real-world exploitation techniques during training\nExperience performing secure code reviews and translating findings into developer-focused remediation guidance\nSolid understanding of modern application architectures, secure SDLC practices, and DevSecOps principles\nProficiency with security testing tools such as Burp Suite Pro, Kali Linux, SQLMap, Nessus, and similar toolsets, with the ability to incorporate them into training delivery\nStrong scripting or programming skills (e.g., Python, JavaScript, Bash, Java, .NET) to build training labs, automation, or demonstrations\nExcellent presentation, facilitation, and communication skills, with confidence in delivering training to large and diverse audiences\nPassion for continuous learning and contributing to the security community through research, content creation, or conference presentations\nHigh ethical standards and professionalism in handling client engagements and training delivery\nWillingness and ability to travel for delivering training sessions, workshops, and conferences (as required)