Penetration Tester
A leading financial services firm is seeking a highly skilled and detail-oriented Penetration Tester to join its Information Security team in London. This hands-on role is ideal for someone with deep technical expertise and the ability to communicate complex findings clearly to both technical teams and senior stakeholders. You'll play a pivotal role in evaluating and enhancing the organisation's security posture: identifying vulnerabilities, testing defences, and ensuring alignment with internal policies and industry standards.
Key Responsibilities:
- Execute comprehensive penetration tests across infrastructure, applications, cloud environments, and business-critical processes.
- Utilize both technical attack vectors and social engineering techniques to assess overall security posture.
- Conduct vulnerability assessments and perform manual exploitation to validate identified risks.
- Evaluate the effectiveness of security controls including IAM, endpoint protection, cloud configurations, and DLP.
- Design and maintain audit plans and testing procedures aligned with risk-based priorities.
- Produce clear, actionable reports tailored to both technical and non-technical audiences.
- Communicate audit results and risk assessments to stakeholders, including senior management.
Required Qualifications:
- Bachelor's degree in Computer Science, Information Security, or equivalent experience.
- Proven experience in penetration testing, vulnerability assessment, and security auditing.
- Strong knowledge of attack vectors, exploitation techniques, and social engineering.
- Hands-on expertise with tools such as Burp Suite, Nessus, Metasploit, Nmap, Wireshark.
- Familiarity with security frameworks and standards (e.g., NIST, ISO 27001, OWASP).
- Experience securing infrastructure, applications, cloud environments, and endpoints.
- Strong analytical and communication skills, with the ability to tailor messaging for diverse audiences.
- Experience producing audit documentation and executive-level summaries.
- Relevant certifications such as OSCP, OSCE, CREST, CISSP, CISM, CEH, or similar.
