We’re looking for a highly skilled Lead Penetration Tester with CHECK Team Lead (Web App) status to join our dynamic security team. This is a senior, hands‑on role where you’ll lead and deliver complex web application and API penetration testing engagements, working with a diverse range of clients across software, fintech, manufacturing, engineering, legal, and public sector organisations.
You’ll play a pivotal role in shaping our application security testing capability, coordinating end‑to‑end engagements, mentoring junior testers, and contributing to the ongoing evolution of our tooling and methodologies. If you enjoy deep technical work, solving complex application security problems, and working closely with developers and stakeholders, we’d love to hear from you.
What You’ll Do
* Lead and execute web application and API penetration tests as a CHECK Team Leader (App).
* Manage end‑to‑end engagements: from scoping and kick‑off sessions through to delivery and client debriefs.
* Perform in‑depth manual testing of modern web applications, authentication flows, APIs, and business logic.
* Produce clear, detailed, and actionable reports outlining vulnerabilities and tailored remediation guidance.
* Stay ahead of emerging application‑level threats and integrate new testing techniques into our methodology.
* Automate repetitive tasks and improve efficiency through scripting and tooling enhancements.
* Mentor and coach junior testers, particularly around web application testing techniques and report quality.
* Enhance application‑focused tools and methodologies, keeping our services current and effective.
* Support pre‑sales efforts as a subject‑matter expert in web application security.
* Communicate findings effectively to both technical and non‑technical stakeholders.
* Contribute to thought leadership through blogs, white papers, or speaking engagements.
Essential Skills
* CHECK Team Lead (CTL) status – Web Applications.
* Current UK SC Clearance.
* Minimum 5 years’ penetration testing experience, with a strong focus on web applications and APIs.
* Proven experience leading and signing off CHECK web application engagements.
* Deep expertise in web application, API, and authentication testing methodologies.
* Solid understanding of modern application architectures (cloud‑hosted apps, microservices, REST APIs).
* Working knowledge of cloud environments (AWS, Azure, GCP) as they relate to application security.
* Proficiency with tools such as Burp Suite Pro, along with supporting tooling (e.g. Nmap, Kali).
* Strong scripting skills (Python, Shell, etc.).
* Excellent communication and technical report‑writing skills.
Why Join Instil?
* Recognition That Matters: A discretionary annual performance bonus that rewards your impact and contribution to our success.
* Flexibility Built In: Flexible working arrangements and summer hours, because life isn’t 9 to 5, and balance matters.
* Financial Security: A highly competitive pension scheme with generous employer contributions, private healthcare, and life assurance for peace of mind.
* Health & Wellbeing: Employee Assistance Programme, mental health support, cycle‑to‑work scheme, and regular social events to keep our culture vibrant.
* Time to Recharge: 35 days holiday, enhanced maternity pay, and family‑first policies so you can focus on what matters most.
* Learning Never Stops: From courses to certifications, we’ll invest in your development so you can keep growing and shaping what’s next.
* Community & Culture: Opportunities to volunteer, give back, and be part of initiatives that make Instil a truly inclusive and connected workplace.