Penetration Tester – Offensive Security

MastarRec

Greater London

Hybrid

GBP 70,000 - 95,000

Full time

Today

Job summary

A cybersecurity firm in the UK is seeking a certified Penetration Tester to join their team. The role involves planning and executing penetration tests, conducting red team engagements, and identifying vulnerabilities across various platforms. The ideal candidate should possess strong skills in penetration testing tools like Kali Linux and Burp Suite, hold an industry certification, and have a solid understanding of cybersecurity principles. The position offers a competitive salary and hybrid working options.

Benefits

Competitive salary
Performance bonus
Paid training and certification reimbursement
25 days holiday plus bank holidays
Private healthcare
Mental health support
Company-funded attendance at security conferences

Qualifications

  • Strong proficiency in penetration testing tools like Kali Linux, Burp Suite, and Metasploit.
  • Experience with OWASP Top 10 and exploit development.
  • Solid knowledge of TCP/IP, firewalls, DNS, and HTTP/HTTPS protocols.
  • At least one industry certification such as OSCP or CEH.

Responsibilities

  • Plan and execute penetration tests across various environments.
  • Conduct simulated phishing, social engineering, and physical security assessments.
  • Produce detailed technical reports and manage vulnerabilities.

Skills

Penetration testing tools
Kali Linux
Burp Suite
Metasploit
Nmap
Wireshark
Scripting skills in Python
Scripting skills in PowerShell
Scripting skills in Bash

Education

OSCP certificate
CEH
CREST CRT
CISM
CRISC

Tools

GRC platforms (RSA Archer, ServiceNow)
ISO 27001
NIST CSF

Job Description

We are looking for a certified Penetration Tester to join our client’s cybersecurity team and help safeguard critical systems through simulated attacks and red team assessments. You’ll be responsible for identifying vulnerabilities across networks, applications, and cloud infrastructure, and providing actionable insights to reduce risk exposure.

Ideal candidates have deep experience in offensive security, a strong understanding of exploits and security protocols, and a drive to continuously evolve with today’s fast-moving threat landscape.

Job Responsibilities
  • Plan, execute, and report on penetration tests across networks, web applications, APIs, mobile, and cloud environments.
  • Conduct red team engagements including simulated phishing, social engineering, and physical security assessments.
  • Identify, document, and prioritize vulnerabilities and misconfigurations.
  • Use both manual techniques and automated tools (e.g. Burp Suite, Metasploit, Nmap).
  • Collaborate with blue team and remediation teams to harden systems.
  • Produce detailed technical reports and executive summaries for stakeholders.
  • Stay up to date with the latest exploits, vulnerabilities (CVEs), and threat actor tactics.
Required Skills
  • Strong proficiency in penetration testing tools (e.g. Kali Linux, Burp Suite, Metasploit, Nmap, Wireshark).
  • Experience with OWASP Top 10 vulnerability scanning and exploit development.
  • Familiarity with MITRE ATT&CK framework and red team methodology.
  • Solid knowledge of TCP/IP, firewalls, DNS, HTTP/HTTPS, and encryption protocols.
  • Strong reporting and communication skills.
  • At least one industry certification (OSCP, CEH, CREST CRT, or similar).

Required Skills:
  • In-depth knowledge of ISO 27001, NIST CSF, GDPR, and risk management frameworks.
  • Experience performing security risk assessments, internal audits, and compliance reviews.
  • Strong understanding of cybersecurity controls, regulatory mandates, and business risk alignment.
  • Excellent client communication, stakeholder management and reporting skills.
  • Familiarity with GRC platforms (e.g. RSA Archer, ServiceNow, GRC LogicGate).

Desired Skills:
  • Certifications such as CISM, CRISC, ISO 27001 Lead Auditor or similar.
  • Experience working with financial services, healthcare, or SaaS industries.
  • Understanding of emerging regulations (e.g. DORA, NIS2, AI Act).
  • Cloud compliance knowledge (e.g. CSA CCM, AWS / Azure / GCP compliance).
  • Familiarity with SOC 2, PCI DSS, HIPAA frameworks.

Desired Skills
  • Scripting skills in Python, PowerShell, or Bash.
  • Experience with cloud security testing (AWS, Azure, GCP).
  • Familiarity with CI/CD environments and DevSecOps.
  • Exposure to purple teaming or adversary emulation.
  • Knowledge of physical security and social engineering tactics.
Job Benefits
  • Competitive salary, performance bonus.
  • Paid training and certification reimbursement (OSCP, CREST, etc.).
  • 25 days holiday, bank holidays.
  • Private healthcare, mental health support.
  • Fully remote or hybrid working options.
  • Company-funded attendance at security conferences (DEF CON, Black Hat, etc.).
Position Details

Employment Type: Full Time

Experience: years

Vacancy: 1

Yearly Salary: 70000 - 95000
