Senior Penetration Tester

Social network you want to login/join with:

We have an incredible opportunity to join our Threat Led Pen-Testing Team within the Information Security Department.

Job Type: Permanent

Location: Based in Telford or Edinburgh, with hybrid working arrangements.

Flexible working: Part-time, job-share, and other flexible options available. Discussions will be held during recruitment to align with your needs and business requirements.

Salary and benefits: £60,000 to £65,000 plus 16% bonus (up to 32%), private medical cover, 38 days annual leave, pension, life assurance (12x salary), career breaks, income protection, volunteering days, and more.

We aim to be the best workplace for our 6,600 colleagues. As the UK’s largest long-term savings and retirement provider, we offer products under brands like Standard Life, SunLife, Phoenix Life, and ReAssure. With around 1 in 5 UK residents holding a pension with us, we are a FTSE 100 company committed to sustainability and innovation, including transitioning to net zero by 2050.

We are seeking a Senior Penetration Tester for our Threat led Pen-Testing team. Your responsibilities will include conducting penetration tests on web applications, infrastructure, and participating in purple teaming exercises.

You will:

1. Lead penetration tests from scoping to delivery, reporting, and debriefing.
2. Contribute to the quality assurance of internal pen test reports.
3. Collaborate with the Blue team during Purple Team exercises.
4. Stay updated on the Cyber Security Threat Landscape, Attacks, and Adversary TTPs.

• Minimum 2 years of full-time Penetration Testing experience.
• Strong understanding of the Penetration Testing process.
• Up-to-date knowledge of the latest trends and attack vectors.
• Experience with a wide range of testing methodologies.
• Proficiency with industry-standard and open-source tools.
• Understanding of infrastructure and security architectures.
• Knowledge of the Cyber Kill Chain and MITRE ATT&CK framework.
• Certifications such as Crest CRT, CCT, APP/INF, CRTO, CRTL, OSCP, OSEP, OSWE, GPEN, HTB, CPTS, CBBH, CAPE, PNPT or equivalent.
• Ability to articulate vulnerabilities and assess business risks, with excellent reporting and presentation skills.
• Experience with Red Team or Purple Team exercises.
• Software development skills in C/C++, C#, Python, Java, Go, Nim, or Rust.

We embrace diversity and welcome applicants from all backgrounds. If your experience doesn't match all criteria but you believe you can add value, we encourage you to apply. Please inform us of any adjustments needed during the recruitment process.

Note: We reserve the right to close the advert early. We recommend applying promptly.