1 to 25 of 167 Penetration Testing Jobs in London

of service, understanding third-party risk, and data privacy issues. The analyst serves as an expert on cybersecurity protection, detection, response, and recovery. This individual is responsible for coordinating penetration testing and managing internal and external cybersecurity analysts to detect, mitigate, and analyze threats. Works closely with other teams to develop controls such as firewalls, business systems, data … proofs-of-concept for new security technologies by developing selection criteria to identify appropriate security solutions to support strategic, operational needs, and security requirements. Participate in the development and testing of the security incident response plan, act as the incident response leader. Develop security, risk, and compliance reports and alerts. Participate in the yearly review of policies and procedures … to support information security, risk, and security compliance activities. Participates in developing, testing, and implementation of disaster recovery procedures for the cybersecurity technology in place. Manages cybersecurity projects to ensure that the delivery is on-time, within budget, and adopted to meet the company's information protection requirements. Performs or coordinates internal security assessments, penetration tests, vulnerability scans More ❯

the core network. Work closely with other teams to establish and enforce network access policies, ensuring that only authorized individuals and devices have the correct access privileges. Proactive Security Testing and Vulnerability Management Conduct vulnerability assessments and penetration testing to identify and address security weaknesses in mobile network architectures. Develop and enforce security policies and procedures to More ❯

systems and data. How will you make an impact? Security Tooling: Deploy, maintain, integrate, and perform initial configuration of security tools. Vulnerability Management: Coordinate and conduct regular security assessments, penetration testing, and vulnerability scans to identify and address security weaknesses proactively. Incident Response: Lead incident response efforts to promptly detect, analyze, and mitigate security incidents and breaches. Develop … cloud technologies. Strong understanding of security principles, practices, and frameworks (e.g., PCI, NIST, ISO 27001). Experience with security tools such as SIEM, IDS/IPS, endpoint protection, and penetration testing tools. Experience with public cloud security, specifically AWS, Azure, and Google Cloud Platform (GCP). You will have an advantage if you also have: Relevant certifications such More ❯

including evaluating vendor risk, examining vendor contracts, understanding third-party risk, and data privacy issues. This individual serves as an expert on cybersecurity protection, detection, response, and recovery, coordinating penetration testing and managing cybersecurity analysts to detect, mitigate, and analyze threats. Works closely with other teams to develop controls such as firewalls, data leakage prevention, patching, encryption, vulnerability … Review policies and procedures annually for security compliance. Develop, test, and implement disaster recovery procedures. Manage cybersecurity projects to ensure timely delivery within budget. Perform or coordinate security assessments, penetration tests, and vulnerability scans. Ensure compliance with frameworks like COBIT, NIST, ISO, PCI, GDPR, HIPAA, etc. Provide internal support for security issues within SLAs. Evaluate and implement CIS controls More ❯

so that they are ready for the challenges of today and tomorrow. Essential Duties and Responsibilities: As a Lead InfoSec Consultant, you'll take the lead in executing advanced penetration tests and vulnerability assessments across a diverse portfolio of applications. This is a hands-on, technical role where you'll actively identify, exploit, and help remediate security weaknesses in … teams to integrate security into the SDLC, and playing a critical role in protecting the organisation's digital assets. The successful candidate will play a hands-on role in testing the security of applications, networks, and systems, while ensuring that security standards are integrated into the development process. Key Responsibilities: Penetration Testing & Vulnerability Assessment: Conduct and oversee … regular penetration tests and vulnerability assessments on applications, networks, systems, and infrastructures. Identify, exploit, and document vulnerabilities, including demonstrating the business impact of potential exploits. Analyse and prioritise vulnerabilities based on risk and provide detailed technical reports with recommended remediation steps for developers and system administrators. Keep up to date with the latest security vulnerabilities, exploits, and attack methodologies More ❯

Assist with the collection, collation and presentation of assurance that the Banks security controls are operating as intended and within the Banks risk tolerance (including organising vulnerability management and penetration testing exercises) Lead the Bank's collection, interpretation and dissemination of the current Cyber threat landscape and help with the identification of innovative controls and mitigations to match … servers and cloud services. Understanding of Patching and Vulnerability management Experience Working with security technologies such as Firewalls, Proxies, IDS and AV Planning and scoping security vulnerability assessments and penetration tests Practical experience of developing and implementing policies, processes and procedures as part of an information security programme, including training and awareness to employees at all levels. Experience of More ❯

The team you'll be working with: Consultant - Offensive Security Testing Role Overview: We are seeking a highly skilled and experienced Offensive Security Consultant with a strong focus on threat intelligence and attack methods. The ideal candidate will manage and conduct advanced penetration testing engagements, leveraging threat intelligence to simulate real-world attacks across various environments, including … skills, and the ability to provide strategic, actionable recommendations to enhance our clients' security posture. What you'll be doing: Responsibilities: Lead and manage the full lifecycle of complex penetration testing engagements, applying a threat intelligence-led approach. Execute advanced penetration tests across environments such as applications, infrastructure, web, APIs, O365, Azure, AWS, and OT, using current … maintain detailed test plans and use cases informed by threat intelligence analysis. Identify and prioritize critical OT and IT assets based on potential threats and exposure. Plan and schedule testing engagements based on threat assessments and client needs. Produce clear, detailed reports with technical findings, business impact, and strategic remediation recommendations for diverse audiences. Communicate complex security concepts and More ❯

part of projects and initiatives. Work with suppliers and vendors to coordinate contract security engineers, ensuring projects are appropriately resourced and deliverables are provided to a high standard. Organise penetration testing, managing the necessary remedial work and communicating go-live risks. Contribute to the development of the security architecture, the SDLC, and application security testing standards. Support … point of escalation in the event of Major Incidents, Disaster Recover or Business Continuity scenarios. Work with development teams to ensure applications are delivered having followed best practice security testing as part of the SDLC. Assist the CISO, as required, in the wider delivery of Cyber Security. Skills and Experience: Proven experience in a similar role within a mid More ❯

and, where relevant, notify leadership to incorporate information into processes, procedures, and audit preparedness activities. Perform technology security risk assessments. Where appropriate, leverage security shared services (VRA, VM, Pen Testing) and provide oversight and assurance of cybersecurity controls in development and deployment all the way through the system go-live. Hold great working relationships with the Security Architecture team More ❯

best practices within the SDLC, collaborating with developers to ensure secure coding. Conduct security assessments, identify potential threats, and mitigate risks in web and mobile applications. Perform application security testing (SAST, DAST) and manual security code reviews. Implement and manage security tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise remediation and … ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.) Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices. Skills 5+ years of experience in application security, penetration testing, or software security engineering. Strong knowledge of secure coding principles in one or more languages (e.g., Python, Java, JavaScript, Go, .NET). Hands-on experience with SAST … AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP are a plus. Experience with Infrastructure More ❯

best practices within the SDLC, collaborating with developers to ensure secure coding. Conduct security assessments, identify potential threats, and mitigate risks in web and mobile applications. Perform application security testing (SAST, DAST) and manual security code reviews. Implement and manage security tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise remediation and … ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.) Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices. Skills 5+ years of experience in application security, penetration testing, or software security engineering. Strong knowledge of secure coding principles in one or more languages (e.g., Python, Java, JavaScript, Go, .NET). Hands-on experience with SAST … AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP are a plus. Experience with Infrastructure More ❯

best practices within the SDLC, collaborating with developers to ensure secure coding. Conduct security assessments, identify potential threats, and mitigate risks in web and mobile applications. Perform application security testing (SAST, DAST) and manual security code reviews. Implement and manage security tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise remediation and … ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.) Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices. Skills 5+ years of experience in application security, penetration testing, or software security engineering. Strong knowledge of secure coding principles in one or more languages (e.g., Python, Java, JavaScript, Go, .NET). Hands-on experience with SAST … AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP are a plus. Experience with Infrastructure More ❯

client of theirs. You will be joining an AppSec team focused on building security automation into delivery pipelines and conducting security focused tests against digital services. Key Responsibilities Perform penetration testing and vulnerability assessments of web applications, APIs, and cloud infrastructure. Evaluate the automated security tooling into CI/CD pipelines (SAST, DAST, dependency checking, IaC etc), and … expert input on cloud security (AWS, Azure, or GCP) and DevSecOps tooling. Assist in maintaining security assurance across the SDLC in line with MoJ and NCSC guidelines. Essential Criteria Penetration testing, ethical hacking, or vulnerability assessments. Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.). DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub More ❯

incident analysis, investigation, and mitigation. Oversee and maintain security equipment including firewalls, intrusion prevention systems (IPS), web application firewalls (WAF), and antivirus systems. Perform periodic security drills and regular penetration testing to ensure the integrity of security systems. Harden security controls across Windows and Linux environments and ensure regular patching and firmware upgrades. Enhance data security through robust … encryption practices during usage, storage, transfer, and disposal. Conduct security evaluations on network and firewall policies and manage application security in both development and testing phases (SAST, DAST). Liaise with internal audit teams and international cybersecurity operations centres to implement security policies and controls. Provide cybersecurity training to ensure staff awareness and compliance. Skills & Qualifications: Minimum 3 years More ❯

incident analysis, investigation, and mitigation. Oversee and maintain security equipment including firewalls, intrusion prevention systems (IPS), web application firewalls (WAF), and antivirus systems. Perform periodic security drills and regular penetration testing to ensure the integrity of security systems. Harden security controls across Windows and Linux environments and ensure regular patching and firmware upgrades. Enhance data security through robust … encryption practices during usage, storage, transfer, and disposal. Conduct security evaluations on network and firewall policies and manage application security in both development and testing phases (SAST, DAST). Liaise with internal audit teams and international cybersecurity operations centres to implement security policies and controls. Provide cybersecurity training to ensure staff awareness and compliance. Skills & Qualifications: Minimum 3 years More ❯

of deploying, maintaining, and configuring a wide range of security technologies within a large and complex environment (anti-malware/EDR, SIEM solutions, vulnerability scanners, patch management, CASB, DLP, penetration testing tools, etc.) Knowledge of TCP/IP and related network protocols: knowledge of standard network protocols like TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP, VPN etc., and More ❯

Lead and manage IT security incidents, including forensics when necessary. Security Services: Drive the delivery of services including Threat & Vulnerability Management, Privileged Access Management, IAM, DLP, Network Security, and Penetration Testing. Project Leadership: Lead IT/Cybersecurity improvement projects as an SME. Risk & Compliance: Evaluate IT changes for security risks, ensuring compliance with security policies and frameworks like ISO More ❯

and board that Oritain's systems and products are secure. Be a key representative for Cybersecurity in decision-making forums such as the Change Advisory Board (CAB). Manage penetration testing for customer-facing and internal systems, working with internal teams and external partners to implement remediations effectively. Cloud & Application Security Act as the go-to expert for … securing Microsoft Azure, ensuring that cloud security requirements are integrated into all new systems and services. Drive application and platform security by conducting penetration tests, running audits, and managing automated scans like SCA, SAST, and DAST. Maintain a strong Cloud Security Posture by continuously improving infrastructure, processes, and policies. Risk & Compliance Own vulnerability and threat management, identify risks and … a shift-left approach. Cloud Security Tools: Practical experience with Azure Sentinel, Defender, and tools like Wiz or MS Defender for Cloud to identify, mitigate, and monitor security threats. Penetration Testing: Experience managing pen-testing and remediation, including working with third-party suppliers or using tools like Wiz, Cobalt, or internal systems. Infrastructure Security: Hands-on experience More ❯

Cyber Vulnerability Management Analyst Fixed Term Contract (Maternity Cover) 18 months Must have experience working on Tenable.IO, analysed vulnerabilities form penetration testing reports, work with vendors to remediate vulnerabilities, has patch management experience, has patched/worked on windows, Linux and Azure cloud systems, analyse and remediate SOC/NOC alerts. Our Client is a globally recognised, successful … in line with our long-term goals. The role of Cyber Vulnerability Management Analyst is to deal with all remediation work in relation to identified vulnerabilities inclusive of patch testing and implementation within SLA. The job holder will work very closely with all third-party vendors involved in the remediation process. The job holder will also prepare the necessary More ❯

Cyber Vulnerability Management Analyst Fixed Term Contract (Maternity Cover) 18 months Must have experience working on Tenable.IO, analysed vulnerabilities form penetration testing reports, work with vendors to remediate vulnerabilities, has patch management experience, has patched/worked on windows, Linux and Azure cloud systems, analyse and remediate SOC/NOC alerts. Our Client is a globally recognised, successful … in line with our long-term goals. The role of Cyber Vulnerability Management Analyst is to deal with all remediation work in relation to identified vulnerabilities inclusive of patch testing and implementation within SLA. The job holder will work very closely with all third-party vendors involved in the remediation process. The job holder will also prepare the necessary More ❯

Cyber Vulnerability Management Analyst Fixed Term Contract (Maternity Cover) 18 months Must have experience working on Tenable.IO, analysed vulnerabilities form penetration testing reports, work with vendors to remediate vulnerabilities, has patch management experience, has patched/worked on windows, Linux and Azure cloud systems, analyse and remediate SOC/NOC alerts. Our Client is a globally recognised, successful … in line with our long-term goals. The role of Cyber Vulnerability Management Analyst is to deal with all remediation work in relation to identified vulnerabilities inclusive of patch testing and implementation within SLA. The job holder will work very closely with all third-party vendors involved in the remediation process. The job holder will also prepare the necessary More ❯

implementation Information Security Maturity Audits/CMMI Certification or alignment with recognised industry standards Compliance with applicable regulations & legislation Building and implementing governance & risk management processes Design implementation and testing of security tooling BC/DR & Incident response capability building and testing Production of threat intelligence reports and research Supply Chain Risk Management Consultants must possess and be … limited oversight. There is a base requirement to demonstrate understanding of and find ways to integrate activity with BlueVoyant colleagues across the globe, specifically Digital Forensics, Incident Response and Penetration Testing specialists as well as wider BlueVoyant service offerings when appropriate, to produce threat-aware products, services and outputs that are impactful, efficient, cohesive, and are enhanced with More ❯

across our technology stack. What Excites You Develop world-class security practices and controls within a high-growth financial technology business shaping the future of payments. Conduct vulnerability assessments, penetration testing, and risk analysis to identify and mitigate security weaknesses. Embed security by design and threat modelling principles into product development. Lead incident response efforts, coordinating with stakeholders More ❯

expert advice and guidance on security best practices for AI development and deployment. Stay up to date on the latest AI security threats and vulnerabilities. Conduct security audits and penetration testing of AI systems. Collaboration: Collaborate with data scientists, AI engineers, and other stakeholders to ensure security is integrated throughout the AI lifecycle. Communicate security risks and recommendations More ❯

for you to cut your teeth on and a friendly, passionate team to develop and grow. The KPMG’s Cyber Defence (CDS) Team conducts client facing technical assurance and penetration testing and has a long and successful history in KPMG. Our clients are diverse and we cover many sectors with particular specialisms in Financial Services, High-end Defence … Assurance and Telecommunications. We work closely with the NCSC developing new schemes such as Cross Domain Solutions Testing (https://www.ncsc.gov.uk/blog-post/ncsc-cross-domain-industry-pilot-stage-2) and are members of all current NCSC and CREST testing schemes - as a result we conduct interesting and challenging work that isn’t on offer … we are able to offer flexibility in base location, as well as embracing remote working. What will you be doing? Aspects of the role include: HACKING! Learning and developing penetration testing skills in: Infrastructure, Application (web, mobile, desktop), Cloud and AI. Working through a clear and defined certification pathway. Delivering penetration tests to some of our most More ❯