Penetration Tester / Cyber Security – London - £45-85k depending on experience + benefits

London based integrated cyber security service provider is actively recruiting for an experienced
Penetration Tester / Cyber Security consultant to join their rapidly expanding team that delivers
work on client projects in London and the South East.

Responsibilities include:

 Delivering a range of black-box, grey-box and / or white-box penetration testing to clients.

 Working on projects in web or mobile application testing, or infrastructure testing.
 Delivering reports to clients that highlight areas of identified weaknesses.
 Providing advice to clients on technical-remediation routes.
 Delivering all projects to the very high standards our clients expect.
 Work with other members of the team to share knowledge and experience, and to find creative
ways of solving technical issues.
 Attending project commencement calls and meetings to finalise the scope for upcoming projects.

Essential Requirements

 Experience of delivering hands-on web / mobile application and infrastructure testing.

 Demonstrable experience of Kali, Burpsuite, security research and exploit creation.
 You should hold (or be working toward) at least one of the following qualifications:
o CREST Registered Tester (CRT).
o CHECK Team Member (CTM).
o CHECK Team Leader (CTL).
o Offensive Security OSCP.
 A creative approach to performing thorough proven-method tests.
 The ability to work towards client-led or internal deadlines.
 Full knowledge of OWASP Top 10 and SANS CWE Top 25; and how to exploit vulnerable systems in
each of these categories.
 You will need very strong communication skills including:
o Excellent verbal and written communication skills, and the ability to write strong technical reports.
o An articulate and confident presentation style.
o Ability to explain how exploits were carried out, and how a client should remediate.
 Highly responsive with an ability to handle escalations quickly and professionally.
 5+ years’ professional experience.
 Willingness to travel.

Desirable:

 We are looking to progress testers through to the following accreditations:

o CREST Certified Infrastructure Tester (CCT INF).
o CREST Certified Web Applications Tester (CCT WEB).
o CREST Certified Simulated Attack Specialist (CCSAM).
 Ideally you will be fluent with programming skills and have strong knowledge of ASP .net, PHP, Java,
Python, Objective C and C#.
 Strong database (MS SQL, MySQL) and web server (IIS, Apache) skills.
 Experience of testing a variety of platforms including iOS, Android, Windows and Linux.
 API testing.
 SCADA / high-availability system testing.
 Any experience of research, authoring, public-speaking or intelligence analysis.
 Degree in computing (security element).

 Generous holiday allowance – up to 30 days.

 Research / lab time – Got a pet security project? We’ll give you the time to finish it; and explore
options for further research.
 Speaking opportunities – Our pen test team is well respected, and we would expect you to present
on a regular basis to the community.
 Flexible working – Remote work can be carried out from home if business needs permit.
 Training – Each of our consultants is assigned to an ongoing professional training programme,
agreed upon commencement and each year thereafter.
 Conferences – We expect the penetration testing team to make a visible presence at industry
conferences, such as OWASP, Black Hat and DefCon.
 Flexible benefits – pension, health, gym membership, cycle to work scheme, season ticket loans,
company car scheme.