đPenetration Tester â Infrastructure Focus
đ Location: London preferred (Hybrid)
đž Salary: ÂŁ70,000 â ÂŁ105,000 (London)
đ§ Level: Senior Consultant to Principal Consultant (SCâPC)
â± Flexible hybrid model | High-trust culture | Mission-critical work
đ§The Opportunity
Join a high-impact consultancy at the forefront of innovation and digital transformation. Youâll be part of a specialist team deliveringcritical infrastructure penetration testsacross some of the mostsensitive environments in the UKâ from defence and national security to critical infrastructure and operational technology.
This isnot a web application role. Weâre looking for an infrastructure-focused penetration tester with the technical confidence and consultancy mindset to work independently, lead engagements, and deliver real-world impact.
If you want to push beyond checklists and automated scans and intodeep, hands-on testingâ this is the place to do it.
đ§What Youâll Be Doing
- Deliver end-to-end infrastructure and internal network testing (Active Directory, internal corporate networks, etc.)
- Identify and exploit vulnerabilities across complex environments with minimal documentation
- Communicate technical findings through clear written reports and debriefs to a range of stakeholders
- Support sensitive clients operating in production environments â where mistakes matter
- Contribute to tooling, methodologies, and continuous improvement of team capability
- Engage with a technical and non-technical audience, acting as a trusted security advisor
đ§ What You Bring
Core Skills:
- 4+ years of penetration testing experience (infrastructure/internal focus)
- Strong hands-on expertise with Active Directory attacks, lateral movement, and privilege escalation
- Experience navigating live and legacy production systems
- Comfortable in Windows and Linux command-line environments
Desirable:
- Python scripting or automation experience
- Familiarity with OT (Operational Technology) networks
- Experience with tools like CrackMapExec, BloodHound, PowerView, etc.
Certifications (a bonus, not a barrier):
- CREST CTM, CTL, CSTM, Cyber Scheme Practitioner
- OSCP
- Lapsed certifications are fine if practical skills are strong
đ„Team & Work Environment
- Tight-knit, high-performing team (2â3 people) with deep trust and autonomy
- Remote-first culture (approx. 80% remote) with flexibility for client needs (up to 2 days per week on-site if required)
- Fast-paced environment with complex technical challenges
- Expect to hit the ground running â support is there, but this is a role for a self-starter
