Penetration Tester - Quant trading firm - London

Penetration Tester | London (Onsite)

A leading quantitative investment management firm is looking to hire a Penetration Tester to join its established Security Assurance function. The business operates at the intersection of technology and financial markets, running complex, high-performance infrastructure at scale, and takes a rigorous, engineering-led approach to security.

This is a senior individual contributor role sitting within a team responsible for identifying and validating security risks across a broad technology estate — spanning trading infrastructure, cloud platforms, APIs, and business applications. The hire will own internal penetration testing end-to-end and play a meaningful role in shaping the firm's adversarial testing capability. It will suit an experienced offensive security professional who is comfortable operating autonomously in a high-stakes environment and wants depth of scope rather than breadth of headcount.

Responsibilities

  • Plan and conduct penetration tests across trading infrastructure, cloud platforms, APIs, and business applications in Windows and Linux environments
  • Perform red team-style assessments and adversarial simulations to evaluate detection, response, and resilience capabilities
  • Design and execute testing strategies to validate controls across applications, infrastructure, and cloud environments
  • Coordinate external penetration testing engagements with third-party vendors, including scoping, execution oversight, findings validation, and remediation tracking
  • Identify, exploit, and document vulnerabilities with clear, actionable remediation guidance tailored to engineering teams
  • Contribute to threat modelling exercises, providing an attacker's perspective on system design and architecture
  • Develop and maintain tooling, scripts, and frameworks to automate testing and improve assessment coverage
  • Integrate penetration testing into CI/CD pipelines, including validation of SAST/DAST findings and runtime security controls
  • Provide mentorship and technical guidance to engineers on attack vectors, exploitation techniques, and secure design principles
  • Stay current with emerging threats and offensive security techniques relevant to financial systems and low-latency environments

Requirements

  • 5+ years of experience in penetration testing, red teaming, or security assurance, with hands-on exposure to complex, large-scale systems
  • Strong practical knowledge of offensive security across web applications, APIs, networks, and cloud environments
  • Solid understanding of system internals, networking, and common vulnerability classes including OWASP Top 10, authentication and authorisation flaws, logic issues, and race conditions
  • Familiarity with Windows and Linux environments from an attacker's perspective
  • Proficiency with standard penetration testing tooling including Burp Suite, Metasploit, Nmap, BloodHound, and equivalents
  • Ability to assess real-world vulnerability impact and prioritise risk clearly in a high-stakes context
  • Strong written and verbal communication skills, with the ability to articulate technical risk to engineering stakeholders
  • Ability to manage multiple concurrent engagements and operate with senior-level technical judgement
  • Preferred: cloud security testing experience (AWS or Azure); experience developing custom tooling, exploits, or fuzzers; CI/CD security integration; red team or purple team engagement experience; familiarity with containerised or Kubernetes environments; knowledge of low-latency or financial trading systems; relevant certifications such as OSCP, OSEP, OSCE, CRTO, CCT APP, or CCT INF.

For more information, please apply.

Job Details

Company: La Fosse
Location: United Kingdom