Penetration Tester

Penetration Tester

Permanent – up to £85k per annum

London based – hybrid working – 2-3 days office based (negotiable)

Must have CREST CRT

Role Overview:

We are seeking a highly skilled and experienced Offensive Security Consultant with a strong focus understanding on threat intelligence and attack methods. The ideal candidate will be responsible for managing and conducting advanced penetration testing engagements, leveraging threat intelligence to simulate real-world attacks across a variety of environments, including OT, IT, web applications, cloud infrastructure, and APIs. This role requires a deep understanding of adversarial approaches, excellent communication skills, and the ability to provide strategic and actionable recommendations to significantly enhance our clients' security posture.

Responsibilities:

• Lead and manage the full lifecycle of complex penetration testing engagements, applying a strong threat intelligence-led approach.
• Execute advanced penetration tests across a broad range of environments (applications, infrastructure, web, APIs, O365, Azure, AWS, OT), directly applying your knowledge of current threat landscapes and attacker TTPs.
• Develop and maintain sophisticated test plans, execution plans, and targeted use cases directly informed by in-depth threat intelligence analysis.
• Identify and prioritize OT and IT assets, services, and systems based on their criticality and potential exposure to identified threats.
• Strategically prioritize, plan, and schedule penetration testing engagements based on comprehensive threat assessments and client-specific requirements.
• Produce high-quality, detailed reports that clearly articulate technical findings, potential business impact, and strategic, actionable remediation recommendations for both technical and non-technical stakeholders.
• Clearly and effectively communicate complex security concepts, adversarial tactics, and critical threat intelligence insights to diverse audiences.
• Collaborate closely with client IT and cybersecurity teams to drive the enhancement of security protocols and ensure effective, threat-informed remediation of identified vulnerabilities.
• Track the progress of remediation efforts and provide regular, concise updates to stakeholders, highlighting the reduction of identified threats.
• Conduct proactive security research and contribute to the creation of technical content on emerging threats, advanced attack techniques, and threat intelligence-led testing methodologies.
• Contribute to strengthening security monitoring (blue team) capabilities by providing valuable insights into offensive techniques and adversarial behaviours to enhance detection and response effectiveness.
• Drive the patching regime for identified vulnerabilities, prioritizing remediation efforts based on threat intelligence and the potential for exploitation by advanced threat actors.

Skills and Qualifications:

• Minimum of 5 years of demonstrable professional experience in penetration testing, with a strong emphasis on understanding, emulating, and leveraging adversarial tactics and threat intelligence.
• Comprehensive understanding of OT and IT asset profiles, technologies, and security best practice principles, with a proven ability to contextualize them within the current threat landscape.
• In-depth knowledge of network protocols, cryptography, security vulnerabilities, and common attack vectors employed by sophisticated threat actors.
• Demonstrated proficiency in utilizing a wide range of penetration testing tools and methodologies, including those specifically used for threat intelligence analysis and application.
• Proven experience in scoping and executing complex penetration tests, particularly those directly informed and driven by threat intelligence.
• Exceptional written and verbal communication skills, with the ability to articulate complex technical findings and nuanced threat intelligence insights clearly and concisely to diverse audiences.
• Strong organizational and time management skills, with a proven ability to effectively manage and prioritize multiple concurrent engagements.
• Current CREST CRT certification or higher is essential.

Desirable Skills:

• Experience with Breach Attack Simulation tools and methodologies.
• Experience in Vulnerability Management processes and integrating threat intelligence.
• Understanding of Risk Management frameworks and how threat intelligence informs risk assessments.
• Hands-on experience with security reviews of AWS, Azure, and GCP environments, incorporating cloud-specific threats.
• Experience with ISO 27001 auditing/implementation, understanding the role of threat intelligence in compliance.
• Other advanced cybersecurity certifications such as CISM, CISSP, ECSA, CREST CCT.