Penetration Tester

Darktrace is a global leader in AI for cybersecurity that keeps organizations ahead of the changing threat landscape every day. Founded in 2013, Darktrace provides the essential cybersecurity platform protecting nearly 10,000 organizations from unknown threats using its proprietary AI. The Darktrace Active AI Security Platform™ delivers a proactive approach to cyber resilience to secure the business across the entire digital estate - from network to cloud to email. Breakthrough innovations from our R&D teams have resulted in over 200 patent applications filed. Darktrace's platform and services are supported by over 2,400 employees around the world. To learn more, visit http://www.darktrace.com.

Penetration Tester within the internal cybersecurity team. You'll play a key role in identifying and mitigating security risks across the organisation's digital landscape. This position requires hands-on experience in offensive security and a deep understanding of network, application, and cloud-based vulnerabilities.

You'll be responsible for conducting thorough penetration tests, simulating real-world attacks, and delivering actionable insights to both security and development teams. Collaboration and continuous learning are central to the role, ensuring our defences stay ahead of emerging threats.

• Performing penetration tests on web applications, networks, APIs, mobile apps, and cloud environments.
• Simulating real-world attack scenarios to assess system and infrastructure resilience.
• Producing detailed technical reports and executive summaries for stakeholders.
• Collaborating with internal teams to validate findings and support remediation efforts.
• Staying up to date with emerging threats, vulnerabilities, and offensive security techniques.

Please note this is a hybrid role, with a compulsory attendance of 2 days a week in either the Cambridge or London office.

To succeed in this role, you'll need a solid background in penetration testing or offensive security, along with hands-on experience using industry-standard tools and frameworks. A strong grasp of security principles and methodologies is essential, as is the ability to communicate findings clearly and effectively. Other qualifications and skills include:

• Proficiency with tools like Burp Suite, Nmap, Metasploit, Nessus, and Kali Linux, plus scripting skills in Python, Bash, or PowerShell,
• Strong understanding of OWASP Top 10, MITRE ATT&CK, CVSS scoring, and familiarity with cloud platforms (AWS, Azure, GCP) and container security,
• Relevant certifications such as OSCP, CREST CRT, or eCPPT are highly desirable, along with excellent written and verbal communication skills.

• Ability to mentor junior testers and contribute to internal tooling.

• 23 days' holiday + all public holidays, rising to 25 days after 2 years of service,
• Additional day off for your birthday,
• Private medical insurance which covers you, your cohabiting partner and children,
• Life insurance of 4 times your base salary,
• Salary sacrifice pension scheme,
• Enhanced family leave,
• Confidential Employee Assistance Program,
• Cycle to work scheme.