Penetration tester

LA International

City Of London

Hybrid

GBP 80,000 - 100,000

Full time

Today

Job summary

A technology consulting firm is seeking an experienced Pen tester to conduct internal penetration testing and support security initiatives. The role involves collaboration with development teams and compliance with security standards. Applicants should possess relevant certifications and hands-on experience with testing tools. This position requires SC clearance and is located onsite in Croydon for part of the week.

Qualifications

  • Experience with cloud security and containerised environments.
  • Ability to interpret and apply security NFRs across diverse environments.
  • Experience testing EUDs under operational constraints.

Responsibilities

  • Conduct internal penetration testing across applications, infrastructure, and end user devices.
  • Perform scenario-based testing aligned with security principles.
  • Collaborate with development teams for rapid remediation.

Skills

Hands-on experience with penetration testing tools
Strong understanding of OWASP
Familiarity with Secure-by-Design principles
Proficiency in JIRA

Education

Certifications: OSCP, CREST CRT, CTL Web/Inf, CEH

Tools

AWS
Azure
JIRA
SharePoint

Job description

Role: Pen tester. Rate: Outside IR35. Location: 1-2 days a week onsite in Croydon. Duration: 6 months initially. SC clearance required.

This role supports the strategic shift towards internal assurance, reducing reliance on external ITHC suppliers, and aligning with Secure-by-Design (SbD) principles.

Key Responsibilities

  • Conduct internal penetration testing across applications, infrastructure, and end user devices (EUDs), including POISE and MacBook platforms.
  • Perform scenario-based testing aligned with SbD principles and DSA security non-functional requirements.
  • Collaborate with development teams to integrate findings into JIRA workflows for rapid remediation.
  • Support the testing pipeline, including planning, execution, and reporting of penetration tests.
  • Maintain compliance with NCSC guidance and Home Office security standards.

Desirable Qualifications

  • Certifications: OSCP, CREST CRT, CTL Web/Inf, CEH.
  • Experience with cloud security (AWS, Azure) and containerised environments.

Essential Skills & Experience

  • Hands-on experience with penetration testing tools.
  • Strong understanding of OWASP, NIST SP 800-53, ISO 27001, and CIS Benchmarks.
  • Familiarity with Secure-by-Design principles and CI/CD pipeline integration.
  • Experience testing EUDs under operational constraints (e.g. no destructive tools, CSOC coordination).
  • Ability to interpret and apply security NFRs across diverse environments.
  • Proficiency in JIRA, SharePoint, and vulnerability management platforms.

Attributes

  • Strong stakeholder engagement and communication skills.
  • Ability to work independently and as part of cross-functional teams.
  • Commitment to continuous improvement and knowledge sharing.

Due to the nature and urgency of this post, candidates who hold or have previously held high-level security clearance are most welcome to apply. Successful applicants will be required to be security cleared prior to appointment, which can take up to a minimum of 10 weeks.