Back to search
Oscar Linkedin · Posted 13d ago

Penetration Tester

United Kingdom

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Penetration Tester (CREST, OSCP) | Hybrid, London | £55-60k


We are working with a well-established cyber security and AI consultancy that is looking for a mid-level Security Testing Consultant to join their growing testing practice in London. This is a great opportunity to work within an accredited testing team, delivering hands-on technical engagements for a varied client base.


The consultancy has a clear, structured route into specialist service lines including AI security, assumed breach exercises and red teaming over the next 2 years - making this a strong move for someone who wants more than a standard testing role.


Location: London (3 days onsite)

Salary: £55,000-60,000 + competitive package


What You'll be Doing:

  • Owning the full delivery of penetration testing engagements, from scoping through to testing, reporting and client debriefs
  • Testing across web applications, infrastructure, cloud platforms and APIs, with mobile and wireless work as project mix demands
  • Producing clear, well-written reports and presenting findings confidently to both technical and executive audiences
  • Providing remediation guidance and follow-up support once engagements are complete
  • Contributing to the ongoing development of the team's testing methodology and tooling
  • Supporting and mentoring junior members of the testing team
  • Staying current with offensive security research, techniques and emerging threats


Key Skills and Experience Needed:

  • Around 2-5 years' hands-on penetration testing experience
  • Strong web application testing skills aligned to OWASP WSTG, with solid Burp Suite experience
  • Confident infrastructure and network testing background, including Active Directory
  • Cloud security testing experience in at least one of AWS, Azure or GCP
  • API testing experience - REST essential, GraphQL desirable
  • Confident use of core offensive tooling: Kali, Burp Suite, Nmap, a vulnerability scanner (Nessus, Qualys or similar), and Metasploit
  • Good understanding of common application, network and cloud security controls, and how they can fail
  • At least one current accreditation such as CREST CPSA/CRT, OSCP or OSWE (or equivalent)
  • Strong written English and the ability to produce clear, structured reports


Desirable Skills:

  • Familiarity with mobile testing concepts (OWASP MASTG) and/or wireless testing
  • Containerisation (Docker/Kubernetes) or CI/CD security knowledge
  • Red team or social engineering exposure
  • Any hands-on AI/LLM security testing experience


Why This Role?

This isn't a "testing treadmill" position. There's a clearly mapped progression path that moves successful consultants from core testing work into higher-value, more specialist services - including AI security assessments, assumed breach exercises and red team operations.


Study time and funded certifications (potentially including OSCP, OSWE, OSEP, CRTO, CCT and emerging AI security accreditations) are built into the personal development plan, alongside conference attendance.


If this sounds right for you, apply now for immediate consideration!

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent