Penetration Tester

A leading financial services firm is looking for a skilled and detail-oriented Penetration Tester to join their Information Security team in London. This hands-on role is ideal for someone with strong technical expertise and the ability to clearly communicate findings to both technical teams and senior stakeholders.

Position Overview:

In this role, you will play a key part in assessing and strengthening the organisation's security posture. You'll be responsible for identifying vulnerabilities, testing defences, and ensuring alignment with internal policies and industry standards.

Key Responsibilities:

• Conduct comprehensive penetration tests across infrastructure, in-house applications, cloud environments, and critical business processes.
• Use both technical attack vectors and social engineering techniques to evaluate security resilience.
• Perform vulnerability assessments and manual exploitation to validate identified risks.
• Evaluate the effectiveness of key security controls, including IAM, endpoint protection, cloud configurations, and DLP.
• Design and execute audit plans and testing procedures based on risk priorities and best practices.
• Produce clear, actionable reports tailored to both technical and non-technical audiences, including executive summaries.
• Present findings and risk assessments to stakeholders, including senior leadership.

Required Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Proven experience in penetration testing, vulnerability assessment, and security auditing.
• Strong understanding of attack vectors, exploitation techniques, and social engineering.
• Hands-on experience with tools such as Burp Suite, Nessus, Metasploit, Nmap, and Wireshark.
• Familiarity with security frameworks and standards (e.g., NIST, ISO 27001, OWASP).
• Experience securing infrastructure, applications, cloud environments, and endpoints.
• Knowledge of IAM, endpoint protection, cloud security, and DLP technologies.
• Strong analytical and communication skills, with the ability to tailor messaging for different audiences.
• Experience producing audit documentation and risk assessments for senior stakeholders.
• Relevant certifications such as OSCP, OSCE, CREST, CISSP, CISM, CEH, or equivalent.
• Excellent interpersonal skills and a collaborative approach to working across teams.