Senior Penetration Tester

Senior Penetration Tester

Location: Fully Remote (UK-Based)

Salary Range: £50,000 - £85,000 (dependent on experience)

Position: Permanent, Full-Time

My client is a dynamic and growing cybersecurity consultancy dedicated to providing top-tier security services to a diverse range of clients. They believe in empowering the team with the flexibility of remote work while tackling challenging and engaging projects that make a real difference to their clients' security posture.

The Role

We are seeking a highly skilled and motivated Senior Penetration Tester to join our remote team. You will be responsible for leading and executing complex penetration tests against a variety of systems, networks, and applications. The ideal candidate is not just a proficient tester but a critical thinker who can articulate risks clearly and provide pragmatic remediation advice to clients.

Key Responsibilities

• Plan, lead, and execute sophisticated penetration tests across infrastructure, web applications, APIs, and internal networks.
• Conduct advanced Red Team exercises to simulate real-world adversary attacks and test organisational defences.
• Produce high-quality, clear, and concise reports for both technical and executive audiences, detailing findings, risks, and actionable remediation strategies.
• Mentor and provide guidance to junior members of the team, promoting best practices and knowledge sharing.
• Collaborate with clients to scope engagements, present findings, and provide expert advice on mitigating identified vulnerabilities.
• Stay abreast of the latest security vulnerabilities, attack vectors, tools, and methodologies.
• Contribute to the continuous improvement of our testing methodologies and service offerings.

Essential Skills & Qualifications

• Must hold active CREST Certified Tester (CRT) certification. (Non-negotiable)
• Proven commercial experience in a penetration testing role.
• Deep technical knowledge of networking protocols, operating systems (Windows, Linux), and common infrastructure vulnerabilities.
• Strong experience in web application penetration testing (OWASP Top 10).
• Proficiency with common penetration testing tools (e.g., Burp Suite Pro, Metasploit, Nmap, Cobalt Strike, etc.).
• Excellent written and verbal communication skills, with a proven ability to write detailed technical reports.
• A proactive and self-motivated attitude, capable of working effectively in a fully remote environment.

Desirable Skills & Qualifications

• Experience with or knowledge of implementing Cyber Essentials and Cyber Essentials Plus schemes is highly desirable.
• Additional certifications such as:
• CREST Certified Simulated Attack Specialist (CCSAS) / Certified Simulated Attack Manager (CCSAM)
• Offensive Security Certified Professional (OSCP)
• Certified Information Systems Security Professional (CISSP)
• SANS GIAC Penetration Tester (GPEN) or Web Application Penetration Tester (GWAPT)
• Experience in mobile application (iOS/Android) testing, cloud security (AWS/Azure/GCP), or social engineering.
• Experience scripting in Python, PowerShell, or Bash to develop custom tools or exploits.

What We Offer

• A competitive salary of £50,000 - £85,000.
• Fully remote working – work from anywhere in the UK.
• A supportive and collaborative culture with a strong focus on professional development.