Penetration Tester

Role: Internal Pentester

Job Type: Permanent

Location: London, UK

Mode of working: Hybrid (2/3 days WFO)

Number of hours: 40 hours per week – full time

We have an exciting opportunity for you - Internal Pentester. You will perform manual and automated penetration tests on networks, systems, web applications, and endpoints, identify and document security vulnerabilities, and develop detailed reports with findings, impact analysis, and actionable remediation recommendations. You will simulate real-world attacks to test the effectiveness of existing security controls and incident response, and stay up to date with vulnerabilities and penetration testing tools relevant to the airline and transportation sector.

• Perform full-scope penetration tests of applications, APIs, internal infrastructure, networks, and cloud environments.
• Conduct internal and external network testing, AD enumeration and abuse, and privilege escalation.
• Identify weaknesses in systems, networks, and applications using automated scanning and manual analysis.
• Use techniques and tools that malicious hackers might employ to test resilience and identify vulnerabilities.
• Identify flaws such as insecure authentication, authorization bypass, input validation issues, cloud misconfigurations, and AD misuses.
• Create detailed reports with actionable remediation recommendations, including executive summaries and technical findings.
• Collaborate with development, cloud, and infrastructure teams on remediation efforts.
• Test and review cloud security (AWS/Azure/GCP) IAM, storage, networking, etc.

Essential skills/knowledge/experience:

• Strong application security background (OWASP Top 10, API security).
• Experience in penetration testing, red teaming, or offensive security.
• Proven experience conducting end-to-end pentests (internal, external, cloud, AD, web app, API).
• Familiarity with common pentest reporting formats (CVSS, MITRE ATT&CK mapping).
• Experience working in both waterfall and agile environments.
• Comfort with NDA-restricted, compliance-driven, or sensitive environments.
• Strong reporting skills for technical and executive audiences.
• Familiarity with cryptographic principles and techniques.
• Ability to write scripts (Python, Shell, Bash) for automation and exploit development.
• Knowledge of Windows, Linux, Active Directory, Entra ID / Azure AD, VPNs, VLANs infrastructure.
• Experience with cloud platforms e.g., AWS, Azure, GCP.
• Skilled in Reconnaissance and Infrastructure Tools (e.g., Nmap, Nessus, Masscan, Amass, Recon-ng).
• Experience with Exploitation (e.g., Metasploit, ExploitDB, Cobalt Strike, Empire, Mimikatz).
• Hands-on experience with Web App Tools (e.g., Burp Suite, ZAP, Nikto, SQLmap).
• Knowledge of Cloud Tools (e.g., ScoutSuite, CloudSploit, Pacu).
• Exceptional customer engagement and reporting skills.
• Proven use of modern security tooling in real-world projects.
• Experience in agile delivery teams and cross-functional collaboration.
• Exceptional analytical, problem-solving, and troubleshooting abilities.
• Comfortable documenting technical findings and engaging in remediation cycles.
• Certifications: OSCP, OSWE, OSEP, OSCE, CRTP, CRTE, GPEN, GXPN, eCPPT; AWS or Azure Security certifications.
• Advanced AD, Cloud, or Red team trainings (e.g., SANS, HackTheBox Pro Labs).

TCS is a purpose-led transformation company with competitive salary packages including pension, health care, life assurance, laptop, phone, and access to extensive training resources. We offer health & wellness initiatives and participate in events such as the London Marathon. We are committed to diversity, inclusion and wellbeing, and comply with the UK Equality Act 2010 and the UK Human Rights Act 1998. We are a disability-inclusive employer and welcome applicants with disabilities. As a Disability Confident Employer, we offer an interview to applicants with disabilities or long-term conditions who meet the minimum criteria for the role.

Adjustments to the application process can be requested by emailing with the subject line: “Adjustment Request” or by calling the TCS London Office at or .

• Online application: Apply through LinkedIn or by uploading your CV. For other formats (e.g., audio/video), contact .
• Skill-Based discussion: Level 1 interview with the project team (video or in-person).
• Managerial discussion: Focus on behavioral aspects and fit.
• HR Discussion: Cover career journey, growth, compensation, and questions.

Fraud notice: TCS does not ask for payment or security deposits at any stage. Be wary of fraudulent offers and report suspicious activity to .