Penetration Tester - Quant trading firm - London

Penetration Tester | London (Onsite)

A leading quantitative investment management firm is looking to hire a Penetration Tester to join its established Security Assurance function. The business operates at the intersection of technology and financial markets, running complex, high-performance infrastructure at scale, and takes a rigorous, engineering-led approach to security.

This is a senior individual contributor role sitting within a team responsible for identifying and validating security risks across a broad technology estate — spanning trading infrastructure, cloud platforms, APIs, and business applications. The hire will own internal penetration testing end-to-end and play a meaningful role in shaping the firm's adversarial testing capability. It will suit an experienced offensive security professional who is comfortable operating autonomously in a high-stakes environment and wants depth of scope rather than breadth of headcount.

Responsibilities

  • Plan and conduct penetration tests across trading infrastructure, cloud platforms, APIs, and business applications in Windows and Linux environments
  • Perform red team-style assessments and adversarial simulations to evaluate detection, response, and resilience capabilities
  • Design and execute testing strategies to validate controls across applications, infrastructure, and cloud environments
  • Coordinate external penetration testing engagements with third-party vendors, including scoping, execution oversight, findings validation, and remediation tracking
  • Identify, exploit, and document vulnerabilities with clear, actionable remediation guidance tailored to engineering teams
  • Contribute to threat modelling exercises, providing an attacker's perspective on system design and architecture
  • Develop and maintain tooling, scripts, and frameworks to automate testing and improve assessment coverage
  • Integrate penetration testing into CI/CD pipelines, including validation of SAST/DAST findings and runtime security controls
  • Provide mentorship and technical guidance to engineers on attack vectors, exploitation techniques, and secure design principles
  • Stay current with emerging threats and offensive security techniques relevant to financial systems and low-latency environments

Requirements

  • 5+ years of experience in penetration testing, red teaming, or security assurance, with hands-on exposure to complex, large-scale systems
  • Strong practical knowledge of offensive security across web applications, APIs, networks, and cloud environments
  • Solid understanding of system internals, networking, and common vulnerability classes including OWASP Top 10, authentication and authorisation flaws, logic issues, and race conditions
  • Familiarity with Windows and Linux environments from an attacker's perspective
  • Proficiency with standard penetration testing tooling including Burp Suite, Metasploit, Nmap, BloodHound, and equivalents
  • Ability to assess real-world vulnerability impact and prioritise risk clearly in a high-stakes context
  • Strong written and verbal communication skills, with the ability to articulate technical risk to engineering stakeholders
  • Ability to manage multiple concurrent engagements and operate with senior-level technical judgement
  • Preferred: cloud security testing experience (AWS or Azure); experience developing custom tooling, exploits, or fuzzers; CI/CD security integration; red team or purple team engagement experience; familiarity with containerised or Kubernetes environments; knowledge of low-latency or financial trading systems; relevant certifications such as OSCP, OSEP, OSCE, CRTO, CCT APP, or CCT INF.

For more information, please apply.

Job Details

Company: La Fosse
Location: City of London, London, United Kingdom