Penetration Tester – Infrastructure Focus Location: London preferred (Hybrid) Salary: £70,000 – £105,000 (London) Level: Senior Consultant to Principal Consultant (SC–PC) ⏱ Flexible hybrid model | High-trust culture | Mission-critical work The Opportunity Join a high-impact consultancy at the forefront of innovation and digital transformation. You’ll be part of a specialist team delivering critical infrastructure penetration tests across some of the most sensitive environments in the UK — from defence and national security to critical infrastructure and operational technology. This is not a web application role. We’re looking for an infrastructure-focused penetration tester with the technical confidence and consultancy mindset to work independently, lead engagements, and deliver real-world impact. If you want to push beyond checklists and automated scans and into deep, hands-on testing — this is the place to do it. What You’ll Be Doing Deliver end-to-end infrastructure and internal network testing (Active Directory, internal corporate networks, etc.) Identify and exploit vulnerabilities across complex environments with minimal documentation Communicate technical findings through clear written reports and debriefs to a range of stakeholders Support sensitive clients operating in production environments — where mistakes matter Contribute to tooling, methodologies, and continuous improvement of team capability Engage with a technical and non-technical audience, acting as a trusted security advisor What You Bring Core Skills: 4 years of penetration testing experience (infrastructure/internal focus) Strong hands-on expertise with Active Directory attacks, lateral movement, and privilege escalation Experience navigating live and legacy production systems Comfortable in Windows and Linux command-line environments Desirable: Python scripting or automation experience Familiarity with OT (Operational Technology) networks Experience with tools like CrackMapExec, BloodHound, PowerView, etc. Certifications (a bonus, not a barrier): CREST CTM, CTL, CSTM, Cyber Scheme Practitioner OSCP Lapsed certifications are fine if practical skills are strong Team & Work Environment Tight-knit, high-performing team (2–3 people) with deep trust and autonomy Remote-first culture (approx. 80% remote) with flexibility for client needs (up to 2 days per week on-site if required) Fast-paced environment with complex technical challenges Expect to hit the ground running – support is there, but this is a role for a self-starter