Penetration Tester (CHECK, NIS-R, IEC 62443) - 6 months - Remote - Outside IR35

Penetration Tester (CHECK, NIS-R, IEC 62443) - 6 months - Remote - Outside IR35

We are seeking an experienced Penetration Tester to perform advanced security assessments within a critical national infrastructure environment. You will play a key role in testing and assuring the security of complex operational technology (OT) and IP-based communication systems aligned to NIS-R and IEC 62443 standards. This is an excellent opportunity for a technically strong tester with CHECK accreditation to support a major security assurance programme in the rail communications domain.

Key Responsibilities:

• Conduct detailed penetration tests and vulnerability assessments on networked systems, applications, and operational technology components.
• Support the security evaluation of GSM-R/FTS platforms and IP terminal systems (ISDN to IP migration projects).
• Deliver security testing in accordance with NCSC CHECK methodologies and industry best practice.
• Review system architecture and configurations for compliance with NIS-R and IEC 62443 requirements.
• Produce clear, concise test reports outlining vulnerabilities, exploitation methods, and remediation advice.
• Collaborate with internal engineering, compliance, and risk teams to improve the organisation's security posture.
• Contribute to the ongoing development of security test procedures for CNI and OT environments.

What You Will Ideally Bring:

• CHECK Team Member (CTM) or CHECK Team Leader (CTL) status (or equivalent under Crest, Cyber Scheme, or Tigerscheme).
• Proven experience conducting penetration tests within critical infrastructure, ICS, or operational technology environments.
• Practical knowledge of NIS Regulations (NIS-R) and IEC 62443 standards.
• Strong understanding of network protocols including TCP/IP, SIP, RTP, VoIP, and industrial protocols.
• Experience with both application and infrastructure testing methodologies.
• Excellent report writing and stakeholder communication skills.

Contract Details:

• Duration: 6 months (view to extend)
• Day Rate: Market Rates (Outside IR35)
• Location: fully remote
• Start Date: ASAP

Penetration Tester (CHECK, NIS-R, IEC 62443) - 6 months - Remote - Outside IR35