The team you'll be working with: Consultant - Offensive Security Testing Role Overview: We are seeking a highly skilled and experienced Offensive Security Consultant with a strong focus on threat intelligence and attack methods. The ideal candidate will manage and conduct advanced penetrationtesting engagements, leveraging threat intelligence to simulate real-world attacks across various environments, including … skills, and the ability to provide strategic, actionable recommendations to enhance our clients' security posture. What you'll be doing: Responsibilities: Lead and manage the full lifecycle of complex penetrationtesting engagements, applying a threat intelligence-led approach. Execute advanced penetration tests across environments such as applications, infrastructure, web, APIs, O365, Azure, AWS, and OT, using current … maintain detailed test plans and use cases informed by threat intelligence analysis. Identify and prioritize critical OT and IT assets based on potential threats and exposure. Plan and schedule testing engagements based on threat assessments and client needs. Produce clear, detailed reports with technical findings, business impact, and strategic remediation recommendations for diverse audiences. Communicate complex security concepts and More ❯
Loughton, Essex, England, United Kingdom Hybrid / WFH Options
Profile 29
role. This role will focus on creating a business strategy, gap analysis and implementation, for securing their Azure-based infrastructure, integrating security automation, ensuring PCI DSS compliance, vulnerability and penetrationtesting and incident response. This role will focus on developing and maintaining secure, scalable Azure DevOps pipelines and Infrastructure as Code (IaC) using Terraform. Their ideal candidate will … Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & PenetrationTesting: Review PenetrationTesting, vulnerability assessments, and security scanning to proactively identify and remediate risks. PCI DSS Compliance: Conduct security audits, risk assessments, and ensure regulatory … contract continuity. Required Strong expertise in Azure cloud security, Microsoft Defender, and Microsoft Sentinel. Proven experience in SOAR technologies for security automation and response orchestration. Hands-on experience with penetrationtesting, vulnerability assessments, and security scanning. Experience implementing and managing WAF, IPS, and DNS security solutions. Extensive experience with Terraform for IaC security automation. Knowledge of DevOps pipelines More ❯
Work for an award-winning provider of Security Services, specialising in Cyber Security Services such as Vulnerability Management, Information Security, PenetrationTesting, and Managed Security Services. We boast a fully managed Security Operations Centre (SOC) staffed by dedicated professionals. We're seeking a skilled Cyber Security Engineer to join our clients eam. The ideal candidate will have expertise … maintain KQL scripts for querying and analysing data within Azure Sentinel. Collaborate with cross-functional teams to identify security vulnerabilities and develop appropriate solutions. Conduct regular security assessments and penetrationtesting to identify and mitigate potential risks. Stay updated on emerging cyber security threats and best practices, implementing necessary adjustments to security protocols. Provide guidance and support to More ❯
security architecture and assurance to OFFICIAL and above classifications. Provide specialist advice and knowledge of Public Cloud (Azure, AWS, GCP) cloud-based security architectures. Define and lead external security testing (e.g ITHC) of solutions on the public cloud (Azure, AWS, GCP), cloud native platforms (Docker, Kubernetes, etc.), and Software as a Service (SaaS) solutions. Formulate HMG Information Assurance Risk … across IaaS, PaaS, SaaS and Serverless architectures Implementing Information Security and Privacy Standards and Frameworks (e.g. ISO 27k, NIST800-53, CIS, GDPR) Leading security working groups and external security testing (ITHC, PenetrationTesting, etc) of cloud solutions at high HMG classification levels (OFFICIAL required, SECRET desirable) or equivalent in other industries Designing & delivering secure systems & tooling: Working … and principles Working within environments utilising DevOps, DevSecOps, SRE, CI/CD, Infrastructure & Security as Code (Docker, Git, Terraform) Managing technical assessments of security related technologies, vulnerability assessments and penetration tools and techniques Enabling & informing risk-based decisions: Working with higher impact or more complex risks, advising on the impact and whether this is within risk tolerance Understanding and More ❯
demonstrating expertise across various areas (e.g., CISM, CISA, OSCP, GPEN). Experience Industry Experience: Minimum of 3-5 years of professional experience in cybersecurity roles such as security analyst, penetration tester, security consultant, or security architect. Teaching Experience: Prior teaching experience in higher education or corporate training environments preferred. Experience with online course platforms and virtual learning environments is … IDS/IPS, network monitoring tools, threat intelligence platforms, and security protocols. Skills and Expectations: Technical Expertise In-depth knowledge of cybersecurity frameworks, tools, and protocols. Practical experience with penetrationtesting, vulnerability assessments, and security operations. Familiarity with incident response procedures, risk management, and security compliance. Instructional Skills Ability to convey complex technical information clearly and effectively to More ❯
Luton, Bedfordshire, United Kingdom Hybrid / WFH Options
Leonardo UK Ltd
Plan, lead the response to security incidents and breaches, providing expertise in root cause analysis, containment, and remediation. Vulnerability Management: Conduct regular security assessments, including vulnerability scanning and writing penetrationtesting Statement of Works, and manage the remediation of identified vulnerabilities. Security Tools & Technologies Advice: Provide guidance on the selection, implementation, and optimization of security tools such as … IA Technical Risk Assessments and the management of these Assessments Good understanding and appreciation of the Engineering development lifecycles and how the Product Security specialism aligns Ability to interpret Penetration Test Reports and write Remediation Action Plans An appreciation of the wider UK Government Assurance Processes (such as the legacy JSP 604 Assurance or the CAF GovAssure processes). More ❯
to support our efforts at DISA. Key Responsibilities: Detection/Monitoring : Continuously monitor and analyze systems for unusual activity and potential threats. Vulnerability Assessments : Conduct regular vulnerability assessments and penetrationtesting to identify and address security weaknesses. Incident Response : Investigate security breaches and other cybersecurity incidents, providing timely and effective responses. Security Measures : Develop and implement robust security More ❯
Proficiency in shell scripting, creating Snort rules, or other log-searching query languages. Confidence in handling common security incidents independently. Good understanding of Vulnerability Scanning, Management, and Ethical Hacking (PenetrationTesting). Knowledge of ITIL disciplines such as Incident, Problem, and Change Management. Ability to work with minimal supervision. Willingness to work in a 24/7 operations More ❯
Newmarket, Suffolk, United Kingdom Hybrid / WFH Options
Beyond Co
ensure we continuously improve our security posture. What you'll be doing: Ensure Security Engineering capabilities align with business needs and scale effectively with growth. Lead assurance activities, including penetrationtesting, purple teaming, and application security assessments, to validate control effectiveness and uncover areas for improvement. Drive key security initiatives such as developing secure coding standards, conducting threat More ❯
practices, and common attack vectors. • Knowledge of security compliance frameworks and regulations such as GDPR, HIPAA, PCI DSS, and SOC 2. • Ability to conduct risk assessments, vulnerability assessments, and penetration testing. • Proficiency in scripting languages like Python, PowerShell, or Bash for automation and orchestration tasks. Certifications: (Nice to have, not required: ) • Relevant certifications can be advantageous, such as Certified More ❯
and, where relevant, notify leadership to incorporate information into processes, procedures, and audit preparedness activities. Perform technology security risk assessments. Where appropriate, leverage security shared services (VRA, VM, Pen Testing) and provide oversight and assurance of cybersecurity controls in development and deployment all the way through the system go-live. Hold great working relationships with the Security Architecture team More ❯
St. Albans, Hertfordshire, United Kingdom Hybrid / WFH Options
Deloitte LLP
and, where relevant, notify leadership to incorporate information into processes, procedures, and audit preparedness activities. Perform technology security risk assessments. Where appropriate, leverage security shared services (VRA, VM, Pen Testing) and provide oversight and assurance of cybersecurity controls in development and deployment all the way through the system go-live. Hold great working relationships with the Security Architecture team More ❯
Reading, Berkshire, United Kingdom Hybrid / WFH Options
Deloitte LLP
and, where relevant, notify leadership to incorporate information into processes, procedures, and audit preparedness activities. Perform technology security risk assessments. Where appropriate, leverage security shared services (VRA, VM, Pen Testing) and provide oversight and assurance of cybersecurity controls in development and deployment all the way through the system go-live. Hold great working relationships with the Security Architecture team More ❯
Guildford, Surrey, United Kingdom Hybrid / WFH Options
Deloitte LLP
and, where relevant, notify leadership to incorporate information into processes, procedures, and audit preparedness activities. Perform technology security risk assessments. Where appropriate, leverage security shared services (VRA, VM, Pen Testing) and provide oversight and assurance of cybersecurity controls in development and deployment all the way through the system go-live. Hold great working relationships with the Security Architecture team More ❯
are looking for Network Security Engineers who are familiar with both network defense and offensive techniques to support ongoing operations and secure our customers' networks. You will be assisting Penetration Testers with analysis of edge network devices to include vulnerability analysis and exploitation. We are looking for Network Security Engineers with a blend of network infrastructure management and familiarity … with network penetrationtesting and offensive security. Candidates should have a minimum of 7+ years of experience as a Network Engineer, System Engineer or in the Cyber Security field as a hands-on penetration tester. Candidates with fewer years of experience will be considered on a case-by-case basis, depending on technical skill level. JOB SUMMARY … We are looking for Network Security Engineers to work on covert and secure networks. Prior penetrationtesting experience is not required but is a plus. This is a great position to transition from more traditional network engineering and network defense into the penetrationtesting field. This position will allow you to expand both your offensive and More ❯
educating DevOps teams in security best practices Conduct/Lead threat modelling and security design activities alongside Dev/Engineering Teams Work with 3rd parties to support vulnerability and penetrationtesting Process reports from external penetrationtesting vendors and coordinate feedback with teams to ensure actions are followed to mitigate identified risks Skills: Software engineering background … Security Frameworks e.g. OWASP SAMM/DSOMM etc Hands-on knowledge of information security processes such as security design review, threat modelling, OWASP Top 10, risk analysis, and software testing techniques Strong understanding of application security awareness, including the security of web applications Experience with risk management activities - identifying, assessing and providing remediation options for application and technology risks More ❯
security policies. Ensure security integration into the Software Development Lifecycle (SSDLC) by collaborating with product owners to implement security best practices. Lead and follow up on non-functional security testing (code scanning, penetrationtesting, threat modelling) and the yearly security auditing campaign, ensuring follow-up as part of the risk management process. Manage the related security risks … in the context of our software development and coordination activities, work with product owners and software development teams on managing identified risks. Provide security expertise to testing teams to enhance security coverage in functional test cases. Organise and perform security trainings for the teams. Support the architecture design activities with security related knowledge. Act as the single point of More ❯
the cloud to ensure design implementation, safeguarding Experian's assets. You'll assess control design, performance, and compliance with standards and regulations, reporting to the Information Security Control Assurance Testing Manager. Identifying gaps, documenting findings, and recommending improvements to mitigate risks are important responsibilities. Using data-driven testing techniques and a defined methodology, you'll collaborate to ensure … Develop test plans, test cases, and procedures, applying data from security tools to capture evidence. Use queries and dashboards to identify potential control failures as part of the control testing process. Ensure the accuracy and timely completion of control testing, providing peer review. Document findings, including root cause analysis and applicable recommendations for remediation. Be the primary liaison … with partners, delivering clear progress updates and results. Contribute lessons learned by integrating partner feedback to improve the control testing program. About Experian About us, but we'll be brief Experian is the world's leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses, and society. Experian is a global data More ❯
the cloud to ensure design implementation, safeguarding Experian's assets. You'll assess control design, performance, and compliance with standards and regulations, reporting to the Information Security Control Assurance Testing Manager. Identifying gaps, documenting findings, and recommending improvements to mitigate risks are important responsibilities. Using data-driven testing techniques and a defined methodology, you'll collaborate to ensure … Develop test plans, test cases, and procedures, applying data from security tools to capture evidence. Use queries and dashboards to identify potential control failures as part of the control testing process. Ensure the accuracy and timely completion of control testing, providing peer review. Document findings, including root cause analysis and applicable recommendations for remediation. Be the primary liaison … with partners, delivering clear progress updates and results. Contribute lessons learned by integrating partner feedback to improve the control testing program. About Experian About us, but we'll be brief Experian is the world's leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses, and society. Experian is a global data More ❯
reviews will cover risk and gap assessments, threat profiling and analysis, security incident history reviews and thorough evaluations of supplier policies and procedures, current security controls, third party pen testing reports, vulnerability management reports, and information security reports such as SOC2 Reports, NIST or ISO 27001 reports, PCI DSS etc). Manage relationships with large third-party suppliers involved More ❯
Colorado Springs, Colorado, United States Hybrid / WFH Options
OSAAVA Services
Description: We are seeking Cybersecurity Software Evaluators to assess and analyze the security of software applications used in high-security government environments. This role involves conducting cyber evaluations, security testing, and risk assessments on software applications to ensure compliance with Department of Defense (DoD) cybersecurity standards. This position is initially for a few months with the potential for long … Test applications for compliance with DoD cybersecurity frameworks, including NIST 800-53, RMF, and STIGs. • Work closely with developers, security engineers, and system administrators to implement security recommendations. • Perform penetrationtesting and vulnerability assessments on government software systems. • Document findings, create security reports, and provide actionable recommendations for remediation. • Assist with the development of secure coding practices and … with the ability to maintain it in valid status. • Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience). • 5+ years of experience in cybersecurity, penetrationtesting, or software security evaluation. • Certifications such as CISSP, CEH, OSCP, or GIAC GWEB are highly preferred. • Experience with secure coding practices and software vulnerability assessment tools (e.g. More ❯
System Security Professional Certification (CISSP) or Security X (previously known as the CASP+) Certification required Must have a solid understanding of security practices and policies and hands-on vulnerability testing experience using Customer tools. Must have experience applying Risk Management Framework. Must have experience formulating and assessing IT security policy. Must have demonstrated knowledge of and experience with common … infrastructure, network and enterprise security architecture) and applying risk assessment methodology to system development. Experience developing/implementing integrated security services management processes, such as assessing and auditing network penetrationtesting, anti-virus planning assistance, risk analysis, and incident response. Experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls … that encompass the development, design, and implementation. Experience with penetrationtesting tools. Experience with scripting languages. $200,000 - $250,000 a year The pay range for this job, with multi-levels, is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities More ❯
City of London, London, United Kingdom Hybrid / WFH Options
The MDU
part of projects and initiatives. Work with suppliers and vendors to coordinate contract security engineers, ensuring projects are appropriately resourced and deliverables are provided to a high standard. Organise penetrationtesting, managing the necessary remedial work and communicating go-live risks. Contribute to the development of the security architecture, the SDLC, and application security testing standards. Support … point of escalation in the event of Major Incidents, Disaster Recover or Business Continuity scenarios. Work with development teams to ensure applications are delivered having followed best practice security testing as part of the SDLC. Assist the CISO, as required, in the wider delivery of Cyber Security. Skills and Experience: Proven experience in a similar role within a mid More ❯
Responsibilities Partner with development, operations, and security teams to integrate security protocols seamlessly into the software development lifecycle. Design, build, and maintain CI/CD pipelines incorporating automated security testing, vulnerability assessments, and compliance checks. Develop and manage infrastructure as code (IaC) configurations, ensuring secure and scalable cloud resources and infrastructure. Conduct security assessments, code reviews, and penetrationtesting to identify and resolve application, code, and infrastructure vulnerabilities. Monitor system and application logs to detect and address potential security incidents. Implement and oversee identity and access management (IAM) systems to ensure secure authentication and authorization. Provide secure coding guidance to software engineers and assist in remediating security issues. Lead incident response efforts, investigating and mitigating security … code tools, including Terraform, CloudFormation, or Ansible. Strong scripting skills in languages such as Python and Bash for automation and integration. Proficiency with static code analysis, dynamic application security testing (DAST), and vulnerability scanning tools like Fortify and Acunetix. Knowledge: In-depth understanding of security frameworks (e.g., OWASP, NIST) and best practices for mitigating vulnerabilities. Familiarity with common threat More ❯
value. Assist in managing security incidents, vulnerabilities, and malfunctions, ensuring efficient resolution. Conduct forensically sound acquisitions of computer systems and media for evidence collection. Provide advice and guidance in penetrationtesting and improving service offerings. Carry out reviews, internal audits, and spot-checks to ensure effective operation of security measures. Provide expertise in the design and implementation of … science. This will require occasional periods of intense concentration to ensure any evidence collected can be used in a court of law. 16. Provide appropriate advice and guidance in penetrationtesting and improving the service offering. 17. Carry out reviews, internal audits and spot-checks to ensure the effective operation of (but not limited to): IDS/IPS More ❯