Rate: outside IR35
Location: Travel to London/Croydon 1-2 week
Duration: 6 months initially
SC clearance or eligible
Must have CCT CTL, ITHC, CRT
Key Responsibilities
* Conduct internal penetration testing across applications, infrastructure, and end-user devices (EUDs).
* Perform scenario-based testing aligned with SbD principles and DSA security non-functional requirements.
* Collaborate with development teams to integrate findings into JIRA workflows for rapid remediation.
* Support the HOST testing pipeline, including planning, execution, and reporting of penetration tests.
* Maintain compliance with NCSC guidance and security standards.
Essential Skills & Experience
* Hands-on experience with penetration testing tools.
* Strong understanding of OWASP, NIST SP 800-53, ISO 27001, and CIS Benchmarks.
* Familiarity with Secure-by-Design principles and CI/CD pipeline integration.
* Experience testing EUDs under operational constraints (e.g. no destructive tools, CSOC coordination).
* Ability to interpret and apply security NFRs across diverse environments.
* Proficiency in JIRA, SharePoint, and vulnerability management platforms.