Penetration Tester

Penetration Tester (Junior–Mid Level) - UK remote - £30,000 - £60,000

Opus is partnered with a specialist cyber security consultancy renowned for delivering high‑impact penetration testing, red‑team engagements, and advanced security assessments to clients across finance, government, defence, and enterprise sectors. Due to continued growth, they are seeking a Junior–Mid Level Penetration Tester with exceptional academic credentials and a strong technical foundation.

This role is ideal for someone who has already gained hands‑on experience in offensive security—either commercially or through structured labs, CTFs, or research—and is ready to accelerate their career within a consultancy that invests heavily in technical development.

Key Responsibilities

• Conduct penetration tests across web applications, APIs, mobile applications, cloud environments, and internal/external infrastructure.
• Support red‑team and adversary simulation engagements under senior guidance.
• Produce clear, detailed, and actionable technical reports for clients.
• Present findings to both technical and non‑technical stakeholders.
• Contribute to internal research, tooling, and methodology development.
• Stay current with emerging vulnerabilities, exploitation techniques, and security trends.
• Work collaboratively with senior testers and consultants to deliver high‑quality engagements.

Essential Skills & Experience

• Minimum Academic Requirement - First‑Class Honours in Computer Science -This requirement is non‑negotiable due to the technical depth and analytical rigour expected by the consultancy.
• Strong understanding of offensive security principles, vulnerabilities, and exploitation techniques.
• Experience with common tools such as Burp Suite, Nmap, Metasploit, Kali Linux, and associated frameworks.
• Knowledge of web technologies (HTTP, REST, authentication flows, common web vulnerabilities).
• Familiarity with OWASP Top 10, MITRE ATT&CK, and secure coding concepts.
• Ability to analyse and break down complex technical systems.
• Strong written communication skills, particularly in producing structured technical reports.
• Demonstrable passion for cyber security—e.g., CTFs, Hack The Box, TryHackMe, personal research, GitHub projects.

Desirable

• Industry certifications (e.g., OSCP, OSWE, CRT, eJPT, eCPPT).
• Exposure to cloud security testing (Azure, AWS, GCP).
• Scripting or programming experience (Python, Bash, PowerShell, JavaScript, etc.).
• Experience in mobile application testing (iOS/Android).
• Understanding of Active Directory attack paths and privilege escalation.

What the Consultancy Offers

• Mentorship from highly experienced penetration testers and red‑team operators.
• Funded training, certifications, and structured development pathways.
• Exposure to diverse, challenging client environments.
• A collaborative, research‑driven culture that encourages innovation.
• Clear progression routes from junior to senior consultant.