Penetration Tester

Join us as a Penetration Tester, to help protect our organisation and clients by identifying, validating, and clearly communicating security vulnerabilities before they can be exploited. This role sits within a collaborative security testing team and focuses on delivering high‑quality web, network, mobile, and client application assessments across a range of projects, while working closely with stakeholders to turn findings into meaningful action.

• Holding a CREST qualification (or equivalent), or working towards one.
• Delivering end‑to‑end penetration testing across web, network, and mobile environments.
• Engaging with stakeholders, contributing to Statements of Work (SoW), and producing clear, actionable security reports.

• Participation in the penetration testing or wider security community (for example bug hunting, Hack The Box, CTFs, or hackathons).
• Exposure to client or thick application testing and experience working to agreed project timelines.
• An interest in emerging areas such as AI security testing, and familiarity with scripting or programming (no specific languages required).

This role will be based in Manchester.

To identify potential vulnerabilities within the banks IT systems using penetration testing tools and techniques to ensure security of computer systems, applications, servers, and networks.

• Development and execution of assessments, audits, and threat models to identify vulnerabilities within the banks systems, applications and servers using penetration tools and techniques, and communicate key findings and recommendations to stakeholders.
• Collaboration with stakeholders and IT teams to identify emerging cyber-attack techniques, tools and technologies and to support the development of penetration testing methodologies.
• Development and maintenance of comprehensive documents and reports for senior stakeholders on penetration test findings, and remediation guidance.
• Collaboration with stakeholders to understand their security requirements and controls in business processes, application/services, to enhance overall security posture and assurance.
• Identification of emerging vulnerabilities, exploit codes and cyber-attacks to develop testing methodologies and assurance activities.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.