If you need support in completing the application or if you require a different format of this document, please get in touch with at or call TCS London Office number with the subject line: “Application Support Request”
Role: Internal Pentester
Job Type: Permanent
Location: London, UK
Mode of working: Hybrid (2/3 days WFO)
Number of hours: 40 hours per week – full time
Do you look forward to applying your expertise in cybersecurity and computer systems, networks, and applications?
We have an exciting opportunity for you - Internal Pentester!
Careers at TCS: It means more
TCS is a purpose-led transformation company, built on belief. We do not just help businesses to transform through technology. We support them in making a meaningful difference to the people and communities they serve - our clients include some of the biggest brands in the UK and worldwide. For you, it means more to make an impact that matters, through challenging projects which demand ambitious innovation and thought leadership.
- Gain access to endless learning opportunities.
- Lead projects and inspire both colleagues and stakeholders.
- Lead a team and their technical growth.
The Role
As an Internal Pentester, you will perform manual and automated penetration tests on networks, systems, web applications, and endpoints. You will identify, exploit, and document security vulnerabilities to assess an organization’s risk exposure. Moreover, you will be developing detailed reports with findings, impact analysis, and actionable remediation recommendations, and simulating real-world attacks to test the effectiveness of existing security controls and incident response. A successful candidate should keep up to date with the latest vulnerabilities, exploit techniques and penetration testing tools in general and more specific to the airline industry, and transportation sector.
Your responsibilities:
- Performing IaC Automation and ServiceNow integrations to automate AWS Service catalogues.
- Planning and conducting the full-scope penetration tests of applications, APIs, internal infrastructure, networks, cloud environments.
- Perform internal and external network testing, AD enumeration and abuse, and privilege escalation.
- Identifying potential weaknesses in systems, networks, and applications through various methods, including automated scanning and manual analysis.
- Employing the techniques and tools that malicious hackers might use to test the resilience of systems and identify vulnerabilities.
- Identify flaws such as insecure authentication, authorization bypass, input validation issues, cloud misconfigurations, AD misuses, etc.
- Create detailed reports, providing actionable advice to clients on how to address the identified vulnerabilities and improve their security posture; outlining identified vulnerabilities, their potential impact, and recommended remediation steps: including executive summaries and technical findings
- Collaborate with development, cloud, and infrastructure teams on remediation
- Test and review cloud security (AWS/Azure/GCP) IAM, storage, networking, etc.
Your Profile
Essential skills/knowledge/experience:
- Strong application security background (OWASP Top 10, API security).
- Experience in penetration testing, red teaming, or offensive security.
- Proven experience conducting end-to-end pentests (internal, external, cloud, AD, web app, API).
- Familiarity with common pentest reporting formats (CVSS, MITRE ATT&CK mapping).
- Experience working in both waterfall and agile environments.
- Comfort with NDA-restricted, compliance-driven, or sensitive environments.
- Strong reporting skills for both technical and executive audiences.
- Familiarity with cryptographic principles and techniques.
- Ability to write scripts (Python, Shell, Bash) for automation and exploit development.
- Knowledgeable of Windows, Linux, Active Directory, Entra ID / Azure AD, VPNs, VLANs infrastructure.
- Experience with cloud platforms e.g., AWS, Azure, GCP.
- Skilled in Reconnaissance and Infrastructure Tools e.g., Nmap, Nessus, Masscan, Amass, Recon-ng.
- Experience with Exploitation e.g., Metasploit, ExploitDB, Cobalt Strike, Empire, Mimikatz.
- Hands-on experience with Web App Tools e.g., Burp Suite, ZAP, Nikto, SQLmap.
- Knowledge of Cloud Tools e.g., ScoutSuite, CloudSploit, Pacu.
Desirable skills:
- Exceptional Customer engagement and reporting skills.
- Proven use of modern security tooling in real-world projects.
- Experience in agile delivery teams and cross-functional collaboration.
- Exceptional analytical, problem-solving, and troubleshooting abilities.
- Comfortable documenting technical findings and engaging in remediation cycles.
- OSCP, OSWA, OSEP, OSCE, CRTP, CRTE, GPEN, GXPN, eCPPT.
- AWS or Azure Security certifications.
- Advanced AD, Cloud, or Red teaming trainings (e.g., SANS, HackTheBox Pro Labs)
Rewards & Benefits:
TCS is consistently voted a Top Employer in the UK and globally. Our competitive salary packages feature pension, health care, life assurance, laptop, phone, access to extensive training resources and discounts within the larger Tata network.
We offer health & wellness initiatives and sports events; we are the proud sponsor of the London Marathon.
Diversity, Inclusion and Wellbeing :
Tata Consultancy Services UK&I is committed to meeting the accessibility needs of all individuals in accordance with the UK Equality Act 2010 and the UK Human Rights Act 1998.
We welcome and embrace diversity in race, nationality, ethnicity, disability, neurodiversity, gender identity, age, physical ability, gender reassignment, sexual orientation. We are a disability inclusive employer and encourage disabled people to apply for this role.
As a Disability Confident Employer, we offer an interview to applicants with disabilities or long-term conditions who meet the minimum criteria for the role. Please email us at if you would like to opt in.
If you are an applicant who needs any adjustments to the application process or interview, please contact us at with the subject line: “Adjustment Request” or call TCS London Office / to request an adjustment. We welcome requests prior to you completing the application and at any stage of the recruitment process.
Next Steps:
Application Process:
- Online application: You can apply directly through LinkedIn/ by uploading your CV. In case you wish to submit your application via another format like audio/video, please, contact -
- Skill-Based discussion: This will be a level 1 interview with the project team, it can be via video or in-person. Details will be confirmed by your recruiter.
- Managerial discussion: This discussion will focus on behavioral aspects and person-organisation fit.
- HR Discussion: This will be with one of the members of the HR team and will cover your career journey, aspirations for growth, compensation and any other questions you may have.
Beware of Fraudulent offers
This is to notify you that TCS does not ask for any sort of payment or security deposit from candidates at any stage of the recruitment process. The firm never sends out job offers from free internet email services like Gmail, Yahoo Mail, and so on. TCS has not authorised any third-party company to collect money on their behalf. As a vigilant job seeker, beware of fraudulent recruitment activity and protect your interests! You can write to to report any fraudulent activity.
Due to the high volume of applications, we will be unable to contact each applicant individually on the status of their application. If you have not received a direct response within 30 days, then it should be deemed unsuccessful on this occasion.
Join us and do more of what matters. Apply online now.
