Penetration Tester

Our client is a Digital Transformation and Cyber Security Consultancy and are currently looking for a Penetration Tester to join their dynamic team! They offer innovative digital and cyber security solutions to their clients who are from the public and private sectors. You’ll be working on interesting large-scale Government and private sector projects.

ROLE OBJECTIVE

We are seeking a highly skilled Penetration Tester with a strong background in penetration testing and network security. This role is ideal for a cybersecurity professional with experience in identifying, assessing, and mitigating security risks across various platforms. The consultant will play a critical role in evaluating and strengthening our clients’ cybersecurity postures by conducting in-depth security assessments, vulnerability analysis, and developing comprehensive security strategies.

RESPONSIBILITIES

• Conduct comprehensive penetration tests, vulnerability assessments, and security audits to identify risks and ensure compliance with industry best practices.
  
  
• Provide expert recommendations and solutions to mitigate identified vulnerabilities, enhancing client systems’ security postures.
  
  
• Investigate alerts and suspicious activity to determine if an incident has occurred.
  
  
• Contain affected systems and networks to prevent the incident from spreading.
  
  
• Implement temporary measures to mitigate the impact of the incident.
  
  
• Work with other teams, such as IT and security operations, to develop and implement a containment strategy.
  
  
• Analyse incident data to determine the root cause of the incident and identify recommendations for improvement.
  
  
• Document and report incidents to the incident response team and other relevant stakeholders.
  
  
• Develop and implement security plans, policies, and training to prepare the organization to respond efficiently and effectively to cyber threats.
  
  
• Travel to various client locations when required (potential international travel) and deliver high quality solutions (e.g. OT testing or other IT services).
  
  
• Collaborate with client teams to develop, document, and implement security policies, standards, and guidelines aligned with industry standards (e.g., ISO 27001, NIST).
  
  
• Assist in the deployment, configuration, and management of security infrastructure and technologies, including firewalls, intrusion detection/prevention systems, and secure network architectures.
  
  
• Provide guidance and support on Azure security practices, leveraging expertise in Microsoft Azure security frameworks and best practices.
  
  
• Stay updated with the latest cybersecurity threats, trends, and regulatory changes, proactively advising clients on necessary adjustments to their security strategies.
  
  
• Produce detailed and accurate reports on penetration testing findings, including risk levels, remediation steps, and strategic recommendations.
  
  EXPERIENCE:
  
  
• Minimum of 4+ years of experience in cybersecurity, specifically in penetration testing and Incident Response, vulnerability management, and risk assessment.
  
  
• Public Sector experience, ideally MOD, MOJ,
  
  
• Must be SC clearable.
  
  
• Proven hands-on experience with tools such as Metasploit, Burp Suite, Nessus, and Wireshark.
  
  
• Strong understanding of network protocols, firewall configurations, and secure network design.
  
  
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) to automate tasks and streamline processes.
  
  
• Hands-on experience of vulnerability assessments, Incident response, penetration testing, threat hunting and compromise assessment.
  
  
• Experience collaborating with Sales teams as a pre-sale’s cyber security consultant.
  
  
• Experience working in Energy or Construction industry projects is a plus.
  
  
• Experience in writing technical proposals along with other teams to deliver robust statement of works for client sign off.
  
  CERTIFICATIONS:
  
  CCNP/CCNA is nice to have.
  
  CREST/OSCP is nice to have.
  
  Microsoft and/or other cloud providers.
  
  ISO 27001 Lead auditor is a nice to have.
  
  SKILLS:
  
  
• Working knowledge of cloud security architecture, specifically within Azure (or other Cloud platforms).
  
  
• Familiarity with security frameworks and compliance standards such as NIST, GDPR, PCI-DSS, DESC ISR.
  
  
• Strong problem-solving skills, with the ability to think creatively to solve complex security challenges.
  
  BENEFITS:
  
  Competitive Salary: Base salary commensurate with experience, plus performance-based incentives.
  
  Career Progression: Clear pathways for career development and progression within the company.
  
  Training & Development: Ongoing training and development opportunities to help you grow in your role.Supportive Culture: Join a collaborative, friendly, and ambitious team that values work-life