Job Title - Lead Security Consultant (CHECK Team Leader)
Reporting To - CTO
Location - United Kingdom (Remote with occasional travel to client sites and company offices)
Security Clearance
- Current Security Check (SC) clearance as a minimum.
- Eligibility and willingness to obtain or maintain higher levels of UK Government security clearance if required.
- Must meet all requirements for working on UK Government and Critical National Infrastructure engagements.
We are Citation Cyber – we provide accessible and dynamic cyber security services that extend beyond technology to encompass people, culture, processes, and even the physical environment of businesses. We combine knowledge and integrity to protect data, assets, and intellectual property against cybercrime. Our team of certified ethical hackers, qualified consultants, and expert trainers offer end-to-end cyber security services to make businesses as resilient as possible against cyber-attacks.
Citation Cyber forms part of Citation Group. We are The Citation Group - Citation Group is a collective of businesses dedicated to supporting small and medium-sized enterprises across a range of essential services. We know that running a business means juggling a lot. Our mission is to ease these pressures by providing expertise, guidance, and solutions that enable business leaders to focus on what they do best. From HR and Health & Safety to Cybersecurity, E-Learning, and ISO compliance, we’ve got you covered.
Citation has achieved strong growth through a combination of organic expansion and strategic acquisitions, continually broadening our expertise, services, and reach to create a one-stop shop that supports businesses across the UK, Canada and Australia.
Role Purpose
The Lead Penetration Tester will provide technical leadership across penetration testing engagements while managing a team of security consultants and penetration testers. The role combines hands-on offensive security expertise with people management responsibilities, ensuring the delivery of high-quality testing services in line with NCSC CHECK standards, CREST methodologies, and company quality requirements.
The successful candidate will hold (or be eligible to hold) NCSC CHECK Team Leader (CTL) status and will be responsible for overseeing the planning, execution, quality assurance, and delivery of penetration testing services across a diverse client portfolio.
The role will also support the growth and development of the technical team through mentoring, coaching, performance management, and capability development initiatives.
Key Responsibilities
Technical Leadership
- Lead and deliver complex penetration testing engagements
- Act as the senior technical authority for penetration testing engagements.
- Provide technical guidance and support to penetration testers and security consultants.
- Ensure testing methodologies align with:
- NCSC CHECK requirements
- CREST standards
- OWASP Testing Guide
- Review and validate findings to ensure technical accuracy and consistency.
- Perform peer reviews and quality assurance of technical reports.
- Lead technical investigations and exploitation activities where advanced expertise is required.
- Assist in developing new service offerings and offensive security capabilities.
Team Management
- Manage and develop a team of penetration testers and security consultants.
- Conduct regular one-to-one meetings and performance reviews.
- Support recruitment activities, including:
- CV reviews
- Technical interviews
- Assessment exercises
- Create and manage personal development plans for team members.
- Identify training requirements and support professional certification pathways.
- Mentor junior and mid-level consultants.
- Foster a collaborative and high-performance team culture.
- Support succession planning and capability development within the team.
Client Engagement
- Act as a trusted technical advisor to clients.
- Participate in client scoping discussions and pre-sales engagements.
- Support sales teams with:
- Technical proposals
- Statements of Work
- Effort estimations
- Solution design
- Present findings to both technical and non-technical stakeholders.
- Deliver remediation workshops and technical debrief sessions.
- Build long-term client relationships through exceptional service delivery.
Governance & Compliance
- Ensure adherence to:
- NCSC CHECK standards
- CREST Codes of Conduct
- Company policies and procedures
- Information security requirements
- GDPR and data protection regulations
- Support audit and accreditation activities.
- Maintain accurate project documentation and testing records.
- Ensure testing activities are conducted safely, ethically, and within agreed scopes.
Essential Skills & Experience
Technical Experience
- Minimum 5+ years of penetration testing experience.
- Demonstrable experience leading complex penetration testing engagements.
- Strong expertise in:
- Web application security
- Network penetration testing
- Active Directory security assessments
- Cloud security testing (Azure and/or AWS)
- Vulnerability research and exploitation
- Strong understanding of IT environments including Cloud:
- Experience using industry-standard tools.
Leadership Experience
- Previous line management experience.
- Experience leading and mentoring technical teams.
- Demonstrated ability to manage multiple concurrent projects.
- Experience in performance management and staff development.
- Strong stakeholder management skills.
Essential Qualifications & Certifications
Candidates must hold one or more of the following:
Mandatory
- NCSC CHECK Team Leader (CTL) status or demonstrable eligibility to obtain CTL.
- Current UK Security Clearance (SC) or ability to obtain and maintain clearance.
Personal Attributes
- Strong leadership and mentoring capabilities.
- Excellent written and verbal communication skills.
- Ability to explain technical concepts to non-technical audiences.
- Commercial awareness and client-focused mindset.
- High attention to detail.
- Strong analytical and problem-solving abilities.
- Ability to work independently and make informed decisions.
- Professional, ethical, and trustworthy.
- Passionate about developing others and advancing offensive security capabilities.
Key Performance Indicators (KPIs)
- Delivery quality and client satisfaction scores.
- Utilisation and billable performance of the team.
- Report quality and peer review outcomes.
- Team retention and engagement.
- Certification and development progress within the team.
- Successful delivery of CHECK and CREST-aligned engagements.
- Contribution to service development and technical innovation.
- Revenue and profitability targets associated with managed engagements.
Package Expectations
- Competitive salary depending on experience and CTL status.
- Pension contribution.
- Private healthcare.
- Professional certification funding.
- Dedicated training budget.
- Flexible and hybrid working arrangements.
- Paid attendance at industry conferences and events.
