1 to 25 of 124 Permanent Penetration Testing Jobs in the UK excluding London

intelligence in a dynamic, fast-paced security operational and strategic role in an organisation at the heart of research and innovation in the UK. Leading the Red Team of penetration testers your broad remit is to identify real-world risks to diverse technical landscapes, uncovering security vulnerabilities, actively exploiting findings, assessing additional impacts through post-exploitation, and providing proactive … advice to teams on the most effective remediation strategies. The role encompasses the full scope and delivery of penetration testing, including Black Box network assessments, insider threat evaluations, credentialed application exploitation, and rigorous testing of human and physical security controls across the UKRI estate. In addition to these offensive security responsibilities, the specialist manages the external penetration testing call-off contract to ensure that UKRI receives high-quality, tailored assessments both internally and externally, supporting a continuous programme of security improvement. Security: As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process.?Please indicate eligibility in More ❯

Principal Offensive Security Consultant £100k Location: Hybrid (2 days per month in London) Salary: £80,000 - £100,000 + benefits Are you a Senior Offensive Security Consultant or Principal Penetration Tester ready to take the next step into Red Teaming and Adversarial Simulation This is your opportunity to join an agile, rapidly growing UK cyber security consultancy where you … to research and tooling that truly make an impact. About the Role As a Senior/Principal Offensive Consultant , you'll lead complex technical engagements that go beyond standard penetration testing - focusing on advanced exploitative infrastructure testing , Active Directory compromise , and assumed breach assessments . You'll work directly with clients to scope, plan, and deliver high … impact projects, while helping to expand the organisation's Red Team and adversarial simulation services . Key Responsibilities: Lead and deliver high-level infrastructure and Active Directory penetration testing engagements. Conduct advanced exploitative testing , lateral movement analysis, and privilege escalation within real-world environments. Support presales activity - crafting scopes, proposals, and technical solutions aligned with client objectives. More ❯

intelligence in a dynamic, fast-paced security operational and strategic role in an organisation at the heart of research and innovation in the UK. Leading the Red Team of penetration testers your broad remit is toidentify real-world risks to diverse technical landscapes, uncovering security vulnerabilities, actively exploiting findings, assessing additional impacts through post-exploitation, and providing proactive advice … to teams on the most effective remediation strategies. The role encompasses the full scope and delivery of penetration testing, including black box network assessments, insider threat evaluations, credentialed application exploitation, and rigorous testing of human and physical security controls across the UKRI estate. In addition to these offensive security responsibilities, the specialist manages the external penetration testing call-off contract to ensure that UKRI receives high-quality, tailored assessments both internally and externally, supporting a continuous programme of security improvement. Security: As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process.?Please indicate eligibility in More ❯

a unique opportunity to build a highly sought-after, niche skill set at the intersection of these disciplines. Progression within this role includes the opportunity for upskilling into WebApp penetration testing with support and training available to support this progression. This is a remote position, with the very occasional requirement to travel to our North Yorkshire offices, industry … events and potentially client sites. Key Responsibilities Develop, maintain, and enhance security-focused applications and tooling. Collaborate with engineers to troubleshoot, debug, and write clean, scalable code. Implement development, testing and automation tools, as well as IT infrastructure. Continuously improve CI/CD pipelines and DevSecOps processes. Work across multiple projects, including client-facing engagements. Provide innovative and robust … solutions to complex, cutting-edge challenges. Support the Web Application Penetration Testing Team on code assisted web application tests. Who we are looking for Technical Essential skills Strong development skills inat least one programming language(e.g. Python, JavaScript, Java, C#, Go) Solid understanding ofcloud security principles and architecture(e.g. AWS well-architected framework) Knowledge of modernprogramming frameworks(e.g. More ❯

Penetration Tester - Leading Managed Services Provider Remote based. Salary: Up to 60k, depending on experience. A leading Managed Services Provider are seeking to recruit a technically skilled Cyber Security/Penetration Tester. This is a fantastic opportunity to join a well-established organisation delivering high-quality security services to enterprise clients across the UK. As a Penetration Tester, you will be responsible for conducting manual penetration testing across both application and infrastructure layers. You will contribute to secure build reviews, advise on secure design practices, and provide technical insight to both internal teams and clients. Key Responsibilities Perform manual penetration testing of web applications and infrastructure Conduct security build reviews across common … and concise technical reports for a range of stakeholders Collaborate with internal teams and clients to support remediation and secure development Required Skills and Experience Proven experience in manual penetration testing (application and infrastructure) Strong understanding of TCP/IP and core networking principles Extensive experience testing web-based applications Familiarity with secure configuration and build reviews More ❯

Network Security Engineer Network Security/Penetration Testing/CREST/CSTL/API Testing/Config Reviews/Infrastructure/Outside IR35/West London We’re seeking an experienced Network Security Engineer to support a major multi-phase security testing project. You’ll conduct penetration tests, configuration reviews, and infrastructure assessments, contributing to … a high-profile programme of work extending into next year. Required Strong background in network and infrastructure security. Experience performing penetration testing, configuration reviews, and API testing. Knowledge of “classic” CHECK-style testing methodologies. CREST, CSTL or CTL certification (Team Member or Team Leader level). Ability to deliver high-quality reports and communicate technical findings clearly. … Hands-on experience across infrastructure, networking, and external testing. Desirable Experience working within CHECK or other accredited testing schemes. Strong understanding of secure network architecture and hardening practices. Previous consultancy or project-based testing experience. Contract Details Outside IR35 West London (on-site presence required for majority of testing) 0-hours contract – project-based work, phase by More ❯

Network Security Engineer Network Security/Penetration Testing/CREST/CSTL/API Testing/Config Reviews/Infrastructure/Outside IR35/West London We’re seeking an experienced Network Security Engineer to support a major multi-phase security testing project. You’ll conduct penetration tests, configuration reviews, and infrastructure assessments, contributing to … a high-profile programme of work extending into next year. Required Strong background in network and infrastructure security. Experience performing penetration testing, configuration reviews, and API testing. Knowledge of “classic” CHECK-style testing methodologies. CREST, CSTL or CTL certification (Team Member or Team Leader level). Ability to deliver high-quality reports and communicate technical findings clearly. … Hands-on experience across infrastructure, networking, and external testing. Desirable Experience working within CHECK or other accredited testing schemes. Strong understanding of secure network architecture and hardening practices. Previous consultancy or project-based testing experience. Contract Details Outside IR35 West London (on-site presence required for majority of testing) 0-hours contract – project-based work, phase by More ❯

Location: Belfast Workplace: Hybrid The opportunity: The Security Vulnerability and Penetration Testing Engineer will oversee and serve as a technical resource for all assessment activities related to the security posture of existing and proposed firm systems, platforms, and processes to protect and continually improve the confidentiality, integrity, and availability of information systems per the firm's business objectives … regulatory requirements, and strategic goals. Main responsibilities: Perform security penetration testing of the Firm's systems, platforms, and applications Serve as a Subject Matter Expert (SME) for the VAPT function Serve as the system owner for common VAPT toolsets, platforms, and processes Provide technical assessment reports that are easily understandable by the target audience and include practical and … is required Commanding knowledge of VAPT concepts and best practices, including the requirements for WhiteHat/ethical hacking Expert understanding of the difference between a vulnerability assessment and a penetration test in the context of assessment scope, objectives, and deliverables Extensive experience with common automated VAPT tools such as Nessus, Appscan, Burp Suite, Nipper, and Trustwave Expert in common More ❯

own and mature our vulnerability and threat intelligence lifecycle. This role will focus on proactively identifying, assessing, and reducing security risks across our environment. You will lead vulnerability scanning, penetration testing, bug bounty findings, patch management facilitation, and KPI reporting — ensuring our overall vulnerability posture is well understood and continuously improved. As part of a small, hands-on … calls with IT/application teams, track progress, and drive accountability. Monitor and report on key vulnerability metrics and KPIs, presenting regular updates to security leadership. Manage third-party penetration testing activities, track findings, and ensure timely remediation. Oversee bug bounty program operations, triage reports, and coordinate with development teams for remediation. Continuously assess external attack surface and … and consistency of vulnerability processes. 🏡 What we’re looking for Experience in vulnerability management, threat intelligence, or related information security roles. Strong knowledge of vulnerability scanning, patch management, and penetration testing processes. Experience with security tools such as BurpSuite Enterprise, Wiz, CrowdStrike, BitSight, or equivalent platforms. Familiarity with vulnerability frameworks such as CVSS, OWASP Top 10, MITRE ATT More ❯

own and mature our vulnerability and threat intelligence lifecycle. This role will focus on proactively identifying, assessing, and reducing security risks across our environment. You will lead vulnerability scanning, penetration testing, bug bounty findings, patch management facilitation, and KPI reporting — ensuring our overall vulnerability posture is well understood and continuously improved. As part of a small, hands-on … calls with IT/application teams, track progress, and drive accountability. Monitor and report on key vulnerability metrics and KPIs, presenting regular updates to security leadership. Manage third-party penetration testing activities, track findings, and ensure timely remediation. Oversee bug bounty program operations, triage reports, and coordinate with development teams for remediation. Continuously assess external attack surface and … and consistency of vulnerability processes. 🏡 What we’re looking for Experience in vulnerability management, threat intelligence, or related information security roles. Strong knowledge of vulnerability scanning, patch management, and penetration testing processes. Experience with security tools such as BurpSuite Enterprise, Wiz, CrowdStrike, BitSight, or equivalent platforms. Familiarity with vulnerability frameworks such as CVSS, OWASP Top 10, MITRE ATT More ❯

own and mature our vulnerability and threat intelligence lifecycle. This role will focus on proactively identifying, assessing, and reducing security risks across our environment. You will lead vulnerability scanning, penetration testing, bug bounty findings, patch management facilitation, and KPI reporting — ensuring our overall vulnerability posture is well understood and continuously improved. As part of a small, hands-on … calls with IT/application teams, track progress, and drive accountability. Monitor and report on key vulnerability metrics and KPIs, presenting regular updates to security leadership. Manage third-party penetration testing activities, track findings, and ensure timely remediation. Oversee bug bounty program operations, triage reports, and coordinate with development teams for remediation. Continuously assess external attack surface and … and consistency of vulnerability processes. 🏡 What we’re looking for Experience in vulnerability management, threat intelligence, or related information security roles. Strong knowledge of vulnerability scanning, patch management, and penetration testing processes. Experience with security tools such as BurpSuite Enterprise, Wiz, CrowdStrike, BitSight, or equivalent platforms. Familiarity with vulnerability frameworks such as CVSS, OWASP Top 10, MITRE ATT More ❯

Cyber Security Consultant (Penetration Tester) Milton Keynes, Buckinghamshire, United Kingdom We are seeking an experienced Cyber Security Consultant (Penetration Tester) . Make an Impact at RSM UK At RSM, our consulting team brings together diverse advisory experts to deliver our six core solutions: business transformation, forensic, deal services, restructuring, finance function support, and risk and governance. Our solutions … seeking an enthusiastic Cyber Security Consultant to join our team. Working alongside our experienced team of specialists, you'll deliver offensive security services including digital footprint reconnaissance, social engineering, penetration testing, vulnerability assessments, and more to high-profile clients across all industries. The purpose of this role is to deliver offensive security services such as digital footprint reconnaissance … social engineering, vulnerability assessments, penetration testing, threat modeling, cyber-attack simulation exercises, and more. You'll benefit from ongoing coaching, career mentoring, and support through our career pathway. You will have opportunities to develop market-leading skills across different capabilities and advance your professional development. You will make an impact by: Supporting technical scoping activities for client assignments. More ❯

the Director of Architecture, Engineering and Test, this role operates horizontally across engineering teams, working closely with the Head of Engineering, Technology Owners and Head of Data to embed testing and quality at every stage of the software development lifecycle.You will lead the transformation of our testing function, focusing on automation, continuous testing, performance engineering, and governance … ensuring that testing is integrated seamlessly into all development processes. Key Responsibilities include: Defining and implementing a company-wide test strategy that aligns with engineering and business goals. Establishing best practices for test automation, performance testing, security testing, and continuous integration. Driving the adoption of test automation frameworks to increase efficiency and reliability. Ensuring test automation is … a culture of continuous improvement, innovation, and knowledge sharing. Ensuring observability, monitoring, and incident/defect management practices incorporate quality metrics. Leading initiatives to enhance system resilience and failover testing for mission-critical services. Ensuring software releases comply with security, regulatory, and compliance standards (e.g., GDPR, ISO 27001). Collaborating with security teams to integrate penetration testing More ❯

effective security controls and countermeasures. Conduct threat modelling exercises to identify potential security risks and vulnerabilities early in the development lifecycle. Conduct in-depth security assessments, code reviews, and penetration testing of applications to identify and mitigate security vulnerabilities. Utilise industry-standard tools and methodologies to assess the security posture of applications and provide actionable recommendations for remediation … person, with the ability to educate and influence on Application Security matters Basic experience in Software Development with any programming language Security Test Management Application Security Assessments Security Assurance Penetration Testing Security Evaluation & Functional Testing Application Security Testing If the above is of interest, please apply with an updated copy of your CV and a member More ❯

Penetration Tester – Cyber Security Contract until December 2025 (extension likely) Hybrid working, 50/50 split between home and site in Berkshire Active SC clearance required ABOUT THE CLIENT: Our client is a leading organisation within the cyber and defence technology sector, delivering secure digital solutions to UK government and critical national infrastructure programmes. They are expanding their cyber … capability and are seeking an experienced Penetration Tester to join the team on a long-term contract, supporting a range of high-impact security projects. THE PENETRATION TESTER ROLE: As a Penetration Tester, you will perform manual and automated testing across web applications, networks, APIs, and mobile platforms. You’ll identify and document vulnerabilities, support red … team operations, and collaborate with development and infrastructure teams to ensure effective remediation and security improvements. Key responsibilities include: Conducting penetration tests and vulnerability assessments across multiple environments Performing red team and threat simulation exercises Producing detailed reports outlining findings, risks, and mitigation strategies Staying current with emerging attack vectors, tools, and exploits Contributing to internal security awareness and More ❯

Penetration Tester – Cyber Security Contract until December 2025 (extension likely) Hybrid working, 50/50 split between home and site in Berkshire Active SC clearance required ABOUT THE CLIENT: Our client is a leading organisation within the cyber and defence technology sector, delivering secure digital solutions to UK government and critical national infrastructure programmes. They are expanding their cyber … capability and are seeking an experienced Penetration Tester to join the team on a long-term contract, supporting a range of high-impact security projects. THE PENETRATION TESTER ROLE: As a Penetration Tester, you will perform manual and automated testing across web applications, networks, APIs, and mobile platforms. You’ll identify and document vulnerabilities, support red … team operations, and collaborate with development and infrastructure teams to ensure effective remediation and security improvements. Key responsibilities include: Conducting penetration tests and vulnerability assessments across multiple environments Performing red team and threat simulation exercises Producing detailed reports outlining findings, risks, and mitigation strategies Staying current with emerging attack vectors, tools, and exploits Contributing to internal security awareness and More ❯

apps that sync with the client's hardware devices Drive DevOps best practices across CI/CD pipelines, monitoring, and deployment Design and maintain a cybersecurity-first architecture, including penetration testing Optimise an Azure-based infrastructure for high availability and cost efficiency Collaborate with cross-functional teams to deliver impactful new features Shape the design of future products … Tech Stack Web: ASP.NET Core, C#, JavaScript, HTML/CSS PC: C#, XAML, USB-MTP Mobile: Cordova (iOS & Android) Cloud: Microsoft Azure, CI/CD pipelines, version control, automated testing Security: Secure coding, authentication, penetration testing Hardware: Industry-leading devices, digitally integrated What They are Looking For KO2's client is seeking a creative, forward-thinking developer More ❯

platforms like CyGlass and KnowBe4, coordinate with external partners including Pentest People, and support internal compliance efforts. This is a hands-on role with variety — from incident response and penetration testing coordination to user training and policy development. Key Responsibilities Security Operations & Monitoring • Manage and monitor the CyGlass network defence platform • Coordinate penetration testing and remediation More ❯

impact security projects within complex OT environments. As a Senior ICS OT Cyber Security Engineer, you will take a lead role in securing operational technology networks, delivering threat modelling, penetration testing, and cyber risk mitigation strategies for industrial environments. You will work closely with key stakeholders to design secure architectures, provide technical leadership on live security projects, and … candidates to be eligible for SC Level Security Clearance. Main Responsibilities: Lead the design and implementation of secure OT network architectures across critical infrastructure environments. Conduct attack path analysis, penetration testing and adversary simulations within ICS/OT environments. Perform cybersecurity risk assessments and technical security audits aligned to recognised industry frameworks. Develop technical design specifications and security More ❯

is accountable for security within the mobile channel. We provide a suite of mobile security components, that provides an all-round security posture in mobile apps including associated services (penetration testing, obfuscation, consultancy etc.). Our mission is to build a scalable, adaptable, and proactive approach to securing customer's mobile apps, enabling mobile engineers across the bank … delivering, and driving the security of our mobile platform. The key aspect of this role is the design and delivery of a world-class security framework, including associated services (penetration testing, research, consultancy etc.). Essential skills & experience: Experience of Mobile platform security, threat modelling and mitigation techniques Capable of conducting regular reviews of our mobile application security … posture using your hands-on experience. Develop and maintain pen-testing security tools, scripts, policies and procedures In depth knowledge of mobile app security standards (Android/iOS) Desirable knowledge & experience Familiarity with mobile development, DevSecOps tooling, testing and automation frameworks. Have deep knowledge and experience using the mobile security tools. Good understanding of authentication, authorisation, encryption, and More ❯

Contract Opportunity: Cyber Security Test Engineer - Automotive | Hybrid Cyber Security Test Engineer on a contract basis to support the testing and validation of cybersecurity features in cutting-edge automotive products. This role is pivotal in ensuring compliance with global regulations including UNECE R.155 and China GB 44495, helping our client deliver secure and compliant vehicles to markets worldwide. You … ll report to the Functional Manager - Product Security Test & Incident Management, and work across test benches and vehicles to execute cybersecurity testing, support homologation, and contribute to the development lifecycle of secure automotive systems. Whats on Offer: Attractive hourly rate (outside IR35) Current end date 31/01/2026 - possibility of extensions (Project is until Feb … week Hybrid - 2 days on site per week (flexible on days) Possible international travel, driving licence essential Key Responsibilities: Prepare and maintain test environments (benches and vehicles) for cybersecurity testing Develop and execute test cases aligned with UNECE R.155, GB 44495, and other standards Produce detailed test reports and support global compliance testing Coordinate product security testing More ❯

Contract Opportunity: Cyber Security Test Engineer - Automotive | Hybrid Cyber Security Test Engineer on a contract basis to support the testing and validation of cybersecurity features in cutting-edge automotive products. This role is pivotal in ensuring compliance with global regulations including UNECE R.155 and China GB 44495, helping our client deliver secure and compliant vehicles to markets worldwide. You … ll report to the Functional Manager - Product Security Test & Incident Management, and work across test benches and vehicles to execute cybersecurity testing, support homologation, and contribute to the development lifecycle of secure automotive systems. Whats on Offer: Attractive hourly rate (outside IR35) Current end date 31/01/2026 - possibility of extensions (Project is until Feb … week Hybrid - 2 days on site per week (flexible on days) Possible international travel, driving licence essential Key Responsibilities: Prepare and maintain test environments (benches and vehicles) for cybersecurity testing Develop and execute test cases aligned with UNECE R.155, GB 44495, and other standards Produce detailed test reports and support global compliance testing Coordinate product security testing More ❯

Contract Opportunity: Cyber Security Test Engineer - Automotive | Hybrid Cyber Security Test Engineer on a contract basis to support the testing and validation of cybersecurity features in cutting-edge automotive products. This role is pivotal in ensuring compliance with global regulations including UNECE R.155 and China GB 44495, helping our client deliver secure and compliant vehicles to markets worldwide. You … ll report to the Functional Manager - Product Security Test & Incident Management, and work across test benches and vehicles to execute cybersecurity testing, support homologation, and contribute to the development lifecycle of secure automotive systems. Whats on Offer: Attractive hourly rate (outside IR35) Current end date 31/01/2026 - possibility of extensions (Project is until Feb … week Hybrid - 2 days on site per week (flexible on days) Possible international travel, driving licence essential Key Responsibilities: Prepare and maintain test environments (benches and vehicles) for cybersecurity testing Develop and execute test cases aligned with UNECE R.155, GB 44495, and other standards Produce detailed test reports and support global compliance testing Coordinate product security testing More ❯

Penetration Tester Remote (occasional travel to Gloucestershire) £50,000 – £65,000 + Bonus (post-DV clearance) Are you a skilled Penetration Tester looking to take the next step in your career, working with some of the UK’s most high-profile and security-sensitive clients? We’re partnered with a specialist consultancy seeking an experienced Pen Tester to … of working remotely and only occasional travel to the Gloucestershire office. What you’ll need: CTM or CSTM certification (preferred, but willing to work towards). Strong background in penetration testing across networks, applications, and infrastructure. Solid understanding of common vulnerabilities, exploits, and remediation techniques. British Citizen status (essential, due to nature of work). Willingness and eligibility More ❯

well as carrying out manual reviews to discover any issues with customer infrastructure and web applications. You'll be pro-active and will have the opportunity within Red Team testing to try anything and everything to outmanoeuvre the defenders and gain access to customer networks. WFH Policy: There's a remote interview/onboarding process and the ability to … top tier world university - Computer Science, Engineering, Physics or Mathematics; MSc or PhD advantageous You're OSCP or CRT certified You have commercial experience with Offensive Security, Red Team testing or Penetration testing You have a keen interest in Cyber Security and understanding of key concepts and protocols You can code with any OO programming language (e.g. More ❯