Lead Penetration Tester

🔐Penetration Tester – Infrastructure Focus

📍 Location: London preferred (Hybrid)

💸 Salary: £70,000 – £105,000 (London)

🧠 Level: Senior Consultant to Principal Consultant (SC–PC)

⏱ Flexible hybrid model | High-trust culture | Mission-critical work

🧭The Opportunity

Join a high-impact consultancy at the forefront of innovation and digital transformation. You’ll be part of a specialist team deliveringcritical infrastructure penetration testsacross some of the mostsensitive environments in the UK— from defence and national security to critical infrastructure and operational technology.

This isnot a web application role. We’re looking for an infrastructure-focused penetration tester with the technical confidence and consultancy mindset to work independently, lead engagements, and deliver real-world impact.

If you want to push beyond checklists and automated scans and intodeep, hands-on testing— this is the place to do it.

🔧What You’ll Be Doing

• Deliver end-to-end infrastructure and internal network testing (Active Directory, internal corporate networks, etc.)
• Identify and exploit vulnerabilities across complex environments with minimal documentation
• Communicate technical findings through clear written reports and debriefs to a range of stakeholders
• Support sensitive clients operating in production environments — where mistakes matter
• Contribute to tooling, methodologies, and continuous improvement of team capability
• Engage with a technical and non-technical audience, acting as a trusted security advisor

🧠What You Bring

Core Skills:

• 4+ years of penetration testing experience (infrastructure/internal focus)
• Strong hands-on expertise with Active Directory attacks, lateral movement, and privilege escalation
• Experience navigating live and legacy production systems
• Comfortable in Windows and Linux command-line environments

Desirable:

• Python scripting or automation experience
• Familiarity with OT (Operational Technology) networks
• Experience with tools like CrackMapExec, BloodHound, PowerView, etc.

Certifications (a bonus, not a barrier):

• CREST CTM, CTL, CSTM, Cyber Scheme Practitioner
• OSCP
• Lapsed certifications are fine if practical skills are strong

👥Team & Work Environment

• Tight-knit, high-performing team (2–3 people) with deep trust and autonomy
• Remote-first culture (approx. 80% remote) with flexibility for client needs (up to 2 days per week on-site if required)
• Fast-paced environment with complex technical challenges
• Expect to hit the ground running – support is there, but this is a role for a self-starter