1 to 25 of 66 Penetration Testing Jobs in London

Penetration Tester Permanent – up to £85k per annum London based – hybrid working – 2-3 days office based Must have CHECK CTL and certified Role Overview: We are seeking a highly skilled and experienced Offensive Security Consultant with a strong focus understanding on threat intelligence and attack methods. The ideal candidate will be responsible for managing and conducting advanced penetration testing engagements, leveraging threat intelligence to simulate real-world attacks across a variety of environments, including OT, IT, web applications, cloud infrastructure, and APIs. This role requires a deep understanding of adversarial approaches, excellent communication skills, and the ability to provide strategic and actionable recommendations to significantly enhance our clients' security posture. Responsibilities: Lead and manage the full … lifecycle of complex penetration testing engagements, applying a strong threat intelligence-led approach. Execute advanced penetration tests across a broad range of environments (applications, infrastructure, web, APIs, O365, Azure, AWS, OT), directly applying your knowledge of current threat landscapes and attacker TTPs. Develop and maintain sophisticated test plans, execution plans, and targeted use cases directly informed by More ❯

Penetration Tester Permanent – up to £85k per annum London based – hybrid working – 2-3 days office based Must have CHECK CTL and certified Role Overview: We are seeking a highly skilled and experienced Offensive Security Consultant with a strong focus understanding on threat intelligence and attack methods. The ideal candidate will be responsible for managing and conducting advanced penetration testing engagements, leveraging threat intelligence to simulate real-world attacks across a variety of environments, including OT, IT, web applications, cloud infrastructure, and APIs. This role requires a deep understanding of adversarial approaches, excellent communication skills, and the ability to provide strategic and actionable recommendations to significantly enhance our clients' security posture. Responsibilities: Lead and manage the full … lifecycle of complex penetration testing engagements, applying a strong threat intelligence-led approach. Execute advanced penetration tests across a broad range of environments (applications, infrastructure, web, APIs, O365, Azure, AWS, OT), directly applying your knowledge of current threat landscapes and attacker TTPs. Develop and maintain sophisticated test plans, execution plans, and targeted use cases directly informed by More ❯

Principal Offensive Security Consultant £100k Location: Hybrid (2 days per month in London) Salary: £80,000 - £100,000 + benefits Are you a Senior Offensive Security Consultant or Principal Penetration Tester ready to take the next step into Red Teaming and Adversarial Simulation ? This is your opportunity to join an agile, rapidly growing UK cyber security consultancy where you … to research and tooling that truly make an impact. About the Role As a Senior/Principal Offensive Consultant , you'll lead complex technical engagements that go beyond standard penetration testing - focusing on advanced exploitative infrastructure testing , Active Directory compromise , and assumed breach assessments . You'll work directly with clients to scope, plan, and deliver high … impact projects, while helping to expand the organisation's Red Team and adversarial simulation services . Key Responsibilities: Lead and deliver high-level infrastructure and Active Directory penetration testing engagements. Conduct advanced exploitative testing , lateral movement analysis, and privilege escalation within real-world environments. Support presales activity - crafting scopes, proposals, and technical solutions aligned with client objectives. More ❯

Principal Offensive Security Consultant £100k Location: Hybrid (2 days per month in London) Salary: £80,000 - £100,000 + benefits Are you a Senior Offensive Security Consultant or Principal Penetration Tester ready to take the next step into Red Teaming and Adversarial Simulation This is your opportunity to join an agile, rapidly growing UK cyber security consultancy where you … to research and tooling that truly make an impact. About the Role As a Senior/Principal Offensive Consultant , you'll lead complex technical engagements that go beyond standard penetration testing - focusing on advanced exploitative infrastructure testing , Active Directory compromise , and assumed breach assessments . You'll work directly with clients to scope, plan, and deliver high … impact projects, while helping to expand the organisation's Red Team and adversarial simulation services . Key Responsibilities: Lead and deliver high-level infrastructure and Active Directory penetration testing engagements. Conduct advanced exploitative testing , lateral movement analysis, and privilege escalation within real-world environments. Support presales activity - crafting scopes, proposals, and technical solutions aligned with client objectives. More ❯

Simulation (BAS) platforms to build and validate threat scenarios. Strong understanding of adversary tactics, techniques, and procedures (TTPs), MITRE ATT&CK framework, and threat modeling. Hands-on experience with penetration testing tools such as Metasploit Framework, Burp Suite, Kali Linux, and Pentera. Experience producing threat reports and briefings. Certifications Required or Preferred: Years of relevant experience: 8+ years … of experience in threat intelligence, cybersecurity operations, or penetration testing. Proven ability to collaborate across technical teams, including Red/Blue teams and SO Industry Experience Required or Preferred: Key Soft Skills (e.g Communication, leadership, stakeholder management): Analytical and detail-oriented with a strong sense of curiosity. Collaborative and team-focused, with a proactive approach to cross-functional engagement. … and analyze the global threat landscape to identify emerging risks, adversary tactics, and trends relevant to the organizations business and technology environment. Collaborate with Red Team, Blue Team, and Penetration Testing teams to integrate threat intelligence into testing scenarios using Breach & Attack Simulation (BAS) platforms and enhance defensive strategies. Act as a liaison between threat intelligence and More ❯

analyse the global threat landscape to identify emerging risks, adversary tactics, and trends relevant to the organization's business and technology environment Collaborate with Red Team, Blue Team, and Penetration Testing teams to integrate threat intelligence into testing scenarios using Breach & Attack Simulation (BAS) platforms and enhance defensive strategies Act as a liaison between threat intelligence and … intelligence and offensive security operations Ad hoc requests from your line manager Cyber Security Analyst Ideal Candidate: At least 5 years of experience in threat intelligence, cybersecurity operations, or penetration testing Ability to collaborate across technical teams, including Red/Blue teams and SOC Familiarity with threat intelligence platforms (TIPs), SIEMs, and threat data enrichment tools Experience using … Breach and Attack Simulation (BAS) platforms Strong understanding of adversary tactics, techniques, and procedures (TTPs), MITRE ATT&CK framework, and threat modelling Hands-on experience with penetration testing tools such as Metasploit Framework, Burp Suite, Kali Linux, and Pentera Experience producing threat reports and briefings Business level fluency in English Japanese, Cantonese, Mandarin language would be advantageous due More ❯

analyse the global threat landscape to identify emerging risks, adversary tactics, and trends relevant to the organization's business and technology environment Collaborate with Red Team, Blue Team, and Penetration Testing teams to integrate threat intelligence into testing scenarios using Breach & Attack Simulation (BAS) platforms and enhance defensive strategies Act as a liaison between threat intelligence and … intelligence and offensive security operations Ad hoc requests from your line manager Cyber Security Analyst Ideal Candidate: At least 5 years of experience in threat intelligence, cybersecurity operations, or penetration testing Ability to collaborate across technical teams, including Red/Blue teams and SOC Familiarity with threat intelligence platforms (TIPs), SIEMs, and threat data enrichment tools Experience using … Breach and Attack Simulation (BAS) platforms Strong understanding of adversary tactics, techniques, and procedures (TTPs), MITRE ATT&CK framework, and threat modelling Hands-on experience with penetration testing tools such as Metasploit Framework, Burp Suite, Kali Linux, and Pentera Experience producing threat reports and briefings Business level fluency in English Japanese, Cantonese, Mandarin language would be advantageous due More ❯

analyse the global threat landscape to identify emerging risks, adversary tactics, and trends relevant to the organization's business and technology environment Collaborate with Red Team, Blue Team, and Penetration Testing teams to integrate threat intelligence into testing scenarios using Breach & Attack Simulation (BAS) platforms and enhance defensive strategies Act as a liaison between threat intelligence and … intelligence and offensive security operations Ad hoc requests from your line manager Cyber Security Analyst Ideal Candidate: At least 5 years of experience in threat intelligence, cybersecurity operations, or penetration testing Ability to collaborate across technical teams, including Red/Blue teams and SOC Familiarity with threat intelligence platforms (TIPs), SIEMs, and threat data enrichment tools Experience using … Breach and Attack Simulation (BAS) platforms Strong understanding of adversary tactics, techniques, and procedures (TTPs), MITRE ATT&CK framework, and threat modelling Hands-on experience with penetration testing tools such as Metasploit Framework, Burp Suite, Kali Linux, and Pentera Experience producing threat reports and briefings Business level fluency in English Japanese, Cantonese, Mandarin language would be advantageous due More ❯

effective security controls and countermeasures. Conduct threat modelling exercises to identify potential security risks and vulnerabilities early in the development lifecycle. Conduct in-depth security assessments, code reviews, and penetration testing of applications to identify and mitigate security vulnerabilities. Utilise industry-standard tools and methodologies to assess the security posture of applications and provide actionable recommendations for remediation … person, with the ability to educate and influence on Application Security matters Basic experience in Software Development with any programming language Security Test Management Application Security Assessments Security Assurance Penetration Testing Security Evaluation & Functional Testing Application Security Testing If the above is of interest, please apply with an updated copy of your CV and a member More ❯

and resolve cyber incidents promptly and effectively. Implement and manage security measures including firewalls, encryption, and endpoint protection. Maintain clear documentation of breaches, assessments, and remediation actions. Conduct vulnerability testing, penetration testing, and risk assessments. Collaborate with the IT Security Manager to identify and mitigate network vulnerabilities. Analyse logs from multiple sources to detect and respond to More ❯

and resolve cyber incidents promptly and effectively. Implement and manage security measures including firewalls, encryption, and endpoint protection. Maintain clear documentation of breaches, assessments, and remediation actions. Conduct vulnerability testing, penetration testing, and risk assessments. Collaborate with the IT Security Manager to identify and mitigate network vulnerabilities. Analyse logs from multiple sources to detect and respond to More ❯

and social-engineering assessments Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements - Examples include Terraform and Ansible, custom payload generators/loaders Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving … permission from client stakeholders Lead scoping and services overview conversations with clients for prospective engagements in area of expertise, presenting with credibility and authority, clearly articulating various testing approaches and methodologies to audiences ranging from highly technical to executive personnel Determines processes and procedures to be followed on assignments - On large and complex engagements, lead technical workstreams with guidance … create bypasses to security tools, and weaponize payloads for delivery on social-engineering engagements Demonstrable experience of evasion techniques Strong experience with Active Directory and attack killchain Experience with penetration testing, administering, and troubleshooting major flavours of Linux, Windows, and major cloud IaaS, PaaS, and SaaS providers (i.e., AWS, GCP, and Azure) Experience with scripting and editing existing More ❯

SP800 series, CSF). Conduct risk assessments and vulnerability management activities. Maintain robust security controls across enterprise assets, software, networks, and applications. Support incident response and recovery processes, including penetration testing and audit log management. Deliver training and awareness programs to enhance the organizations security posture. Collaborate with internal and external stakeholders to maintain compliance and manage third … analytical mindset with strong problem-solving skills. Technical Skills: Comprehensive knowledge of security controls, including: Data Protection, Account Management, and Access Control Management. Continuous Vulnerability Management and Incident Response. Penetration Testing and Security Awareness Training. Secure Configuration and Network Monitoring. More ❯

SP800 series, CSF). Conduct risk assessments and vulnerability management activities. Maintain robust security controls across enterprise assets, software, networks, and applications. Support incident response and recovery processes, including penetration testing and audit log management. Deliver training and awareness programs to enhance the organizations security posture. Collaborate with internal and external stakeholders to maintain compliance and manage third … analytical mindset with strong problem-solving skills. Technical Skills: Comprehensive knowledge of security controls, including: Data Protection, Account Management, and Access Control Management. Continuous Vulnerability Management and Incident Response. Penetration Testing and Security Awareness Training. Secure Configuration and Network Monitoring. More ❯

tooling experience. Project snapshot: Analyse and remediate non-compliant firewall rules using Splunk, Tufin, and Checkpoint. Collaborate with stakeholders to implement compliant firewall configurations. Design and execute targeted Pentera penetration testing across large-scale environments. Validate penetration testing findings with Qualys VMDR and recommend mitigation strategies. Lead proxy configuration and traffic management for enterprise servers. Manage More ❯

tooling experience. Project snapshot: Analyse and remediate non-compliant firewall rules using Splunk, Tufin, and Checkpoint. Collaborate with stakeholders to implement compliant firewall configurations. Design and execute targeted Pentera penetration testing across large-scale environments. Validate penetration testing findings with Qualys VMDR and recommend mitigation strategies. Lead proxy configuration and traffic management for enterprise servers. Manage More ❯

to create and deliver security strategies, an information security framework and risk mitigation plans for the company. You’ll be involved in everything from security assessments, threat modelling and penetration testing to triage of security events, ownership of policies and procedures and even working with development and engineering teams to drive application security and DevSecOps. This is the … expert. Requirements: Proven experience as an Information/Cyber Security Analyst (or equivalent) Broad cyber and information security (InfoSec) experience Knowledge of concepts such as ethical hacking, network security, penetration testing and cryptography etc Good understanding of Windows, Cloud (AWS) and IT infrastructure Excellent communication skills More ❯

security strategy, information security framework and risk mitigation activities for the company. You’ll have the chance to be involved in everything from security assessments and threat modelling to penetration testing, coding, triage of security events, ownership of policies and procedures and even working with development and engineering teams to drive application security and DevSecOps - A very varied … Security Manager Experience being the "go to" for InfoSec Extensive and broad cyber and information security (InfoSec) experience Knowledge of concepts such as ethical hacking, network security, application securty, penetration testing and cryptography etc Strong IAM and Risk understanding Good Cloud and DevSecOps knowledge Excellent communication skills More ❯

security strategy, information security framework and risk mitigation activities for the company. You’ll have the chance to be involved in everything from security assessments and threat modelling to penetration testing, coding, triage of security events, ownership of policies and procedures and even working with development and engineering teams to drive application security and DevSecOps - A very varied … Security Manager Experience being the "go to" for InfoSec Extensive and broad cyber and information security (InfoSec) experience Knowledge of concepts such as ethical hacking, network security, application securty, penetration testing and cryptography etc Strong IAM and Risk understanding Good Cloud and DevSecOps knowledge Excellent communication skills More ❯

security architecture and assurance to OFFICIAL and above classifications. Provide specialist advice and knowledge of Public Cloud (Azure, AWS, GCP) cloud-based security architectures. Define and lead external security testing (e.g ITHC) of solutions on the public cloud (Azure, AWS, GCP), cloud native platforms (Docker, Kubernetes, etc.), and Software as a Service (SaaS) solutions. Formulate HMG Information Assurance Risk … across IaaS, PaaS, SaaS and Serverless architectures Implementing Information Security and Privacy Standards and Frameworks (e.g. ISO 27k, NIST800-53, CIS, GDPR) Leading security working groups and external security testing (ITHC, Penetration Testing, etc) of cloud solutions at high HMG classification levels (OFFICIAL required, SECRET desirable) or equivalent in other industries Designing & delivering secure systems & tooling: Working … and principles Working within environments utilising DevOps, DevSecOps, SRE, CI/CD, Infrastructure & Security as Code (Docker, Git, Terraform) Managing technical assessments of security related technologies, vulnerability assessments and penetration tools and techniques Enabling & informing risk-based decisions: Working with higher impact or more complex risks, advising on the impact and whether this is within risk tolerance Understanding and More ❯

Senior Infrastructure Penetration Tester Location: London flexible hybrid Salary: £70,000 – £80,000 We’re hiring on behalf of our client, a growing Penetration Testing Consultancy, for a Senior Infrastructure Penetration Tester to join their elite Testing team. This role is ideal for someone who thrives on deep technical challenges, values autonomy, and enjoys working … in a fast paced and growing environment. What You’ll Be Doing Leading infrastructure penetration tests across complex environments (on prem, cloud, hybrid). Identifying and exploiting vulnerabilities in networks, systems, and configurations. Developing custom tooling and scripts to support testing and reporting. Conducting technical research and publishing internal findings or blogs. Supporting threat modelling and contributing to … detection engineering efforts. Working closely with clients to provide solutions and deliver elite technical assessments. What You Bring Strong hands on experience in infrastructure penetration testing. Ability to work independently and think creatively. Strong consultative experience, ability to work closely with various clients and discuss on both technical and non technical levels. More ❯

Senior Infrastructure Penetration Tester Location: London flexible hybrid Salary: £70,000 – £80,000 We’re hiring on behalf of our client, a growing Penetration Testing Consultancy, for a Senior Infrastructure Penetration Tester to join their elite Testing team. This role is ideal for someone who thrives on deep technical challenges, values autonomy, and enjoys working … in a fast paced and growing environment. What You’ll Be Doing Leading infrastructure penetration tests across complex environments (on prem, cloud, hybrid). Identifying and exploiting vulnerabilities in networks, systems, and configurations. Developing custom tooling and scripts to support testing and reporting. Conducting technical research and publishing internal findings or blogs. Supporting threat modelling and contributing to … detection engineering efforts. Working closely with clients to provide solutions and deliver elite technical assessments. What You Bring Strong hands on experience in infrastructure penetration testing. Ability to work independently and think creatively. Strong consultative experience, ability to work closely with various clients and discuss on both technical and non technical levels. More ❯

Job Title: Senior Penetration Tester (Infrastructure Focus) Location: London (Hybrid/Flexible) Salary: Up to £80,000 + Bonus + Benefits Employment Type: Permanent Overview We are seeking an experienced Senior Penetration Tester with a strong background in infrastructure security testing to join a growing offensive security team. The ideal candidate will have deep technical expertise, the … role in strengthening the organisation's security posture by conducting infrastructure-focused assessments, mentoring junior testers, and influencing remediation strategies. Key Responsibilities Deliver internal and external network and infrastructure penetration tests , including on-premises and cloud-hosted environments Perform testing of Windows & Linux infrastructure, Active Directory, network services, and security appliances Conduct vulnerability exploitation , privilege escalation, and lateral … debriefs Contribute to tooling, methodology enhancement, and internal research initiatives Stay up-to-date with emerging vulnerabilities, exploits, and attacker techniques Required Skills & Experience 3-5+ years' professional penetration testing/offensive security experience Strong understanding of enterprise infrastructure, AD security, networking, and protocols Proficiency with tools such as Nmap, Nessus, Metasploit, BloodHound, Burp Suite, Kali/ More ❯

well as carrying out manual reviews to discover any issues with customer infrastructure and web applications. You'll be pro-active and will have the opportunity within Red Team testing to try anything and everything to outmanoeuvre the defenders and gain access to customer networks. *WFH Policy:* There's a remote interview/onboarding process and the ability to … 2.1 or above in Computer Science, Engineering, Physics or Mathematics; MSc or PhD advantageous * You're OSCP or CRT certified * You have commercial experience with Offensive Security, Red Team testing or Penetration testing * You have a keen interest in Cyber Security and understanding of key concepts and protocols * You can code with any OO programming language (e.g. More ❯

well as carrying out manual reviews to discover any issues with customer infrastructure and web applications. You'll be pro-active and will have the opportunity within Red Team testing to try anything and everything to outmanoeuvre the defenders and gain access to customer networks. WFH Policy: There's a remote interview/onboarding process and the ability to … top tier world university - Computer Science, Engineering, Physics or Mathematics; MSc or PhD advantageous You're OSCP or CRT certified You have commercial experience with Offensive Security, Red Team testing or Penetration testing You have a keen interest in Cyber Security and understanding of key concepts and protocols You can code with any OO programming language (e.g. More ❯