Penetration Tester Vacancy 

We are actively recruiting for a CREST CRT or OSCP qualified penetration tester to join our UK or Gibraltar based team. This role is for a penetration tester capable of testing web applications, mobile applications, infrastructure and be able to perform phishing testing.

Role Highlights

  • Starting salary of £35,000 rising to £70,000 with boosters

  • Subsidized conference attendance

  • Flexible working

  • Structured planned training

  • 25 days holiday

  • Subsidized personal projects, research and lab time


  • Delivering a range of assessment types including Web Application, API, Mobile and Infrastructure tests.

  • Leading Cyber Essentials and Plus projects for clients.

  • Producing high quality reports to clients that highlight areas of identified weaknesses.

  • Providing advice to clients on remediation routes.

  • Delivering all projects to the very high standards our clients expect.

  • Work with other members of the team to share knowledge and experience, and to find creative ways of solving technical issues.

  • Attending project kickoff calls and meetings to complete the scope for upcoming projects.

  • Assist the sales team in developing competitive proposals that win business.

  • Provide outstanding client support.

Required Experience

  • Absolutely must be CREST CRT or OSCP and CPSA qualified

  • CISSP is desirable

  • The ability to work towards client-led or internal deadlines. 

  • Highly organised approach with an attention to detail.

  • Understanding of the OWASP Top 10 and how these vulnerabilities can be exploited.

  • Must be eligible to work in the UK and/or Gibraltar

  • Must be able to travel and be happy spending 40% of working time away from home

  • Excellent English skills and the ability to write perfect test reports

  • Able to mentor and support junior members of the team

  • Have a desire and drive to actively engage in research and publication

Personal Qualities:

  • A creative approach to performing thorough proven-method tests.

  •  Excellent verbal and written communication skills, and the ability to write strong technical reports.

  • An articulate and confident presentation style.

  • The ability to explain how exploits were successful, and how a client could remediate the vulnerabilities raised during an assessment.

  • Highly professional and dependable.

Desired Experience:

  • Knowledge of hardware and embedded system security.

  • Red teaming experience.

  • Ability to carry out cloud security assessments on AWS, Google Cloud or Azure.