We’re working with a boutique offensive security consultancy that delivers expert-led, context-aware, and manually executed testing services to clients ranging from start-ups to global enterprises. Moving away from scanners and checklists, they focus on deep-dive, tailored assessments that prioritise quality over quantity.
Their work covers a wide range of technical areas, including web and API testing, mobile apps, internal networks, cloud environments, and red team-style simulations, with web application testing currently making up around 80% of their engagements.
They’re looking for a Penetration Tester to join as their first technical hire, someone with strong manual testing skills and a passion for high-quality security work. You’ll be instrumental in shaping delivery standards, tooling, internal processes, and the future technical team as the company scales.
What You’ll Be Doing:
* Manual testing of web applications and APIs (custom logic flaws, IDOR, authentication issues, etc.)
* Infrastructure and cloud security reviews across AWS, Azure, and internal/external networks
* Threat modelling, red team-style assessments, and social engineering for select clients
* Mobile application testing and internal network assessments (as part of broader project scopes)
* End-to-end client engagement from scoping and testing through to reporting and debriefing
* Producing clear, high-signal reports with actionable remediations and relevant risk context
You’ll Help Shape:
* Testing methodologies and delivery standards
* Internal tooling, documentation, and operational processes
* The technical team’s structure and culture as the business grows
What We’re Looking For:
* 2+ years of experience as a Penetration Tester
* Strong skills in manual web application testing
* OSCP or equivalent certifications (e.g. CREST, CRT)
* Comfortable communicating directly with clients and founders
* Based in the UK
What’s On Offer:
* Competitive salary
* Remote-first working model
* The opportunity to shape a high-quality, growing consultancy from day one