Mid-Level Penetration tester

Job Title:
Penetration Tester

Role:
An exciting opportunity for a mid-level Penetration Tester to join a dynamic and collaborative security consultancy based in London. This role is ideal for a proactive individual with a hacker’s mindset and broad security testing experience across applications, networks, cloud platforms, and more.

You'll be a key player in delivering high-quality penetration tests while also supporting client advisory, team development, and process improvement.

What’s in it for you?

Autonomy and ownership in conducting diverse penetration testing engagements.

Ongoing professional development with access to industry events and training.

A positively charged work environment with flexibility for hybrid working post-probation.

Responsibilities:

Conduct web, mobile, API, infrastructure, cloud, and wireless penetration testing.

Create detailed technical reports and deliver test findings directly to clients.

Provide remediation advice and post-assessment consultancy.

Contribute to internal testing methodologies and Red Team/social engineering activities.

Mentor junior team members and support collaborative delivery of projects.

Occasionally support the creation of marketing materials such as research papers and articles.

Skills / Must have:

Strong knowledge of OWASP methodologies and offensive testing across black/grey/white-box approaches.

Proficiency in tools like Burp Suite, Kali, Nmap, Nessus, Qualys, Metasploit.

Familiarity with cloud platform security testing (AWS, Azure, GCP).

Understanding of mobile security (Android & iOS), networking protocols, and the OSI model.

Excellent verbal and written communication skills, especially for client-facing engagements.

Highly organised, analytical, and able to manage multiple projects independently.

Ability to explain technical risks to non-technical stakeholders and C-level executives.

Desirable (“nice to have”) Skills:

Experience with programming, databases, and IoT security.

Exposure to CI/CD security, Docker/container security, and AI/LLM testing.

Hands-on experience with Red Teaming tools (e.g., Cobalt Strike) and social engineering.

Familiarity with bug bounty platforms and vulnerability disclosure best practices.

Benefits:

Competitive salary with regular performance reviews

Annual training and personal development plan

Access to conferences and professional events

Supportive and knowledgeable team culture

Hybrid work flexibility after probation

Salary:
Competitive (dependent on experience)