Penetration Tester - Hybrid in London - Inside IR35 - 6 months
We are seeking an experienced Penetration Testing & Offensive Security Consultant to join our team. This critical role, based in London (2-3 days per week on-site), requires deep expertise in conducting manual and automated security assessments across networks, applications, cloud platforms, and infrastructure. You will identify and exploit vulnerabilities, simulate real-world attacks, and deliver actionable remediation guidance to strengthen defenses. As a trusted advisor on offensive security practices, reporting standards, and threat simulation, you will play a key role in enhancing collaboration with development, cloud, and infrastructure teams, while ensuring robust security outcomes in sensitive and compliance-driven environments.
Key Responsibilities:
- Plan and execute penetration tests - perform manual and automated testing across applications, APIs, internal/external networks, cloud environments, and Active Directory.
- Identify, exploit, and validate vulnerabilities - uncover security flaws such as insecure authentication, authorization bypasses, misconfigurations, and privilege escalation paths.
- Simulate real-world attacks - use adversary techniques and offensive tools to test the resilience of networks, systems, and security controls.
- Develop detailed reports - produce both technical and executive-level documentation outlining findings, risk impact, and remediation steps.
What You Will Ideally Bring:
- Application security knowledge - strong grasp of OWASP Top 10 and API security issues.
- Hands-on pentesting experience - 3-7+ years in penetration testing, red teaming, or offensive security across networks, cloud, AD, and web apps.
- Offensive security tooling - expertise with Nmap, Nessus, Masscan, Burp Suite, Metasploit, Cobalt Strike, Mimikatz, SQLmap, ScoutSuite, Pacu, etc.
- Reporting expertise - ability to produce professional pentest reports with CVSS scoring and MITRE ATT&CK mapping for both technical and executive stakeholders.
Contract Details:
- Duration: 6 months (with view to extend)
- Day Rate: Up to £500 per day (Inside IR35)
- Location: London (3x a week)
- Start Date: ASAP
- Company: Hamilton Barnes
- Location: London, United Kingdom (Hybrid / WFH Options)
- Employment Type: Contract
- Salary: GBP Daily
- Posted