Penetration Tester

Whitehall Resources currently require an experienced Penetration Tester to work with a key client based in London.

*Please note this role falls INSIDE IR35*

The Role:
Performs manual and automated penetration tests on networks, systems, web applications, and endpoints. Identifies, exploits, and documents security vulnerabilities to assess an organization's risk exposure. Develops detailed reports with findings, impact analysis, and actionable remediation recommendations. Simulates real-world attacks to test the effectiveness of existing security controls and incident response. Keeps up to date with the latest vulnerabilities, exploit techniques and penetration testing tools, both in general and those specific to the airline industry and transportation sector.

Your responsibilities:
. Performing IaC Automation and ServiceNow integrations to automate AWS Service catalogues.
. Planning and conducting full-scope penetration tests of applications, APIs, internal infrastructure, networks, and cloud environments
. Perform internal/external network testing, AD enumeration and abuse, privilege escalation
. Identifying potential weaknesses in systems, networks, and applications through various methods, including automated scanning and manual analysis.
. Employing the techniques and tools that malicious hackers might use to test the resilience of systems and identify vulnerabilities.
. Identify flaws such as insecure authentication, authorization bypass, input validation issues, cloud misconfigurations, AD misuses, etc.
. Create detailed reports, including executive summaries and technical findings, that outline identified vulnerabilities, their potential impact, and recommended remediation steps, and that give clients actionable advice on how to address the identified vulnerabilities and improve their security posture
. Collaborate with development, cloud, and infrastructure teams on remediation
. Test and review cloud security (AWS/Azure/GCP): IAM, storage, networking, etc.

Essential skills/knowledge/experience:
. Strong application security background (OWASP Top 10, API security)
. 3-7+ years in penetration testing, red teaming, or offensive security
. Proven experience conducting end-to-end pentests (internal, external, cloud, AD, web app, API)
. Familiarity with common pentest reporting formats (CVSS, MITRE ATT&CK mapping)
. Experience working in both waterfall and agile environments
. Comfort with NDA-restricted, compliance-driven, or sensitive environments
. Strong reporting skills for both technical and executive audiences
. Familiarity with cryptographic principles and techniques.
. Ability to write scripts (Python, Shell, Bash) for automation and exploit development.
. Infrastructure: Windows, Linux, Active Directory, Entra ID/Azure AD, VPNs, VLANs
. Cloud Platforms: AWS, Azure, GCP

Security Tools:
o Recon & Infra: Nmap, Nessus, Masscan, Amass, Recon-ng
o Exploitation: Metasploit, ExploitDB, Cobalt Strike, Empire, Mimikatz
o Web App Tools: Burp Suite, ZAP, Nikto, SQLmap
o Cloud Tools: ScoutSuite, CloudSploit, Pacu

Desirable skills/knowledge/experience:
. Exceptional customer engagement and reporting skills.
. Exceptional analytical, problem-solving, and troubleshooting abilities.
. Proven use of modern security tooling in real-world projects
. Experience in agile delivery teams and cross-functional collaboration
. Comfortable documenting technical findings and engaging in remediation cycles

Nice to Have Certifications (not mandatory):
o OSCP, OSWA, OSEP, OSCE, CRTP, CRTE, GPEN, GXPN, eCPPT
o AWS or Azure Security certs
o Advanced AD/cloud/red teaming training (e.g., SANS, HackTheBox Pro Labs)

All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.

Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.

Company
Whitehall Resources Ltd
Location
London, United Kingdom
Employment Type
Contract
Salary
GBP Annual
Posted