Ideas People Trust
We're BDO. An accountancy and business advisory firm, providing the advice and solutions businesses need to navigate today's changing world.
Our clients are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and the owners and management teams that lead them.
What we do - Manage risk for our clients to make them stronger for the future.
Our Digital business is ready to help organisations identify, manage and monitor their IT risk. We use our advanced tech, innovative methodology and experienced professionals to work alongside our clients to make sustainable change. We're a team of IT Risk and Controls Transformation specialists with expertise in ERP, cloud, cyber and business resiliency. Our extensive network and depth of experience mean we work in a highly client-centric way, focused on providing a collaborative, tailor-made advisory service. Our team helps clients manage their IT Risk (including SOx and Cyber) to build dynamic and resilient control environments capable of responding to business and regulatory change. This is your chance to join a fast-paced, growing team and help shape the future of Digital at BDO.
We'll help you succeed
We are looking to recruit a senior individual to join our expanding Digital team to aid in growing our portfolio of cyber consulting work. The role will typically focus on developing, managing and delivering cyber security assessments, assisting clients to understand and communicate their cyber risk and co-build remediation road maps. As experts on cyber risk, the BDO Digital team advises clients across industries and geographies, staying at the forefront of knowledge of the threat landscape, cyber defence best practices and regulatory expectations. We are a growing service line and encourage our team members to be innovative and identify opportunities for new services that they can build, lead and take to market.
Technical Knowledge, Professional Qualifications and Experience
We encourage applications from a variety of candidates - the cyber security industry is constantly changing, so there is no single, fixed technical profile. As a consulting line we require people who are strong communicators and can build client relationships. We're committed to building a strong, resilient and adaptable team to lead the cyber consulting market, which is built on a diversity of profiles and skills.
An individual with a selection of the following attributes would be an ideal candidate for application:
* Strong UK network with the ability to leverage relationships
* Strong and demonstrable experience in delivering complex Cyber engagements. This includes the ability to understand client challenges and develop solutions to meet their requirements
* Strong technical understanding and experience delivering and managing cyber security assessments such as CIS Critical Controls, ISO27001 and NIST CSF
* Demonstrable interest, training, experience or certification (e.g., CISSP, CISM) in cyber security is highly beneficial
* Experience in working with clients e.g., leading workshops and report writing
* Ability to build sustainable relationships and networks with team members and with clients
* Experience managing teams and a passion for supporting the development of self and others
* Strong analytical skills to recognise trends and themes in technical findings
You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to the business. We're committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task in hand. At BDO, we'll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.
We're in it together
Mutual support and respect is one of BDO's core values and we're proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we'll support you at every stage in your career, whatever your personal and professional needs. We can provide the best support for our clients and people when we're working side by side. Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you'll always have access to the people and resources you need to do your best work. We know that collaboration is the key to creating value for our clients and satisfying experiences at work, so we've invested in state-of-the-art collaboration spaces in our offices. BDO's people represent a wealth of knowledge and expertise, and we'll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you'll never stop learning at BDO.
We're looking forward to the future
At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy. Our success is powered by our people, which is why we're always finding new ways to invest in them. Across 17 UK locations, we are 6,500 unique minds coming together to help our clients reach their ambitions. We've got a clear purpose, and we're confident in our future, because we're adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.
06/10/2025
Full time
Senior Penetration Tester
Location: Fully Remote (UK-Based)
Salary Range: £50,000 - £85,000 (dependent on experience)
Position: Permanent, Full-Time
My client is a dynamic and growing cybersecurity consultancy dedicated to providing top-tier security services to a diverse range of clients. They believe in empowering the team with the flexibility of remote work while tackling challenging and engaging projects that make a real difference to their clients' security posture.
The Role
We are seeking a highly skilled and motivated Senior Penetration Tester to join our remote team. You will be responsible for leading and executing complex penetration tests against a variety of systems, networks, and applications. The ideal candidate is not just a proficient tester but a critical thinker who can articulate risks clearly and provide pragmatic remediation advice to clients.
Key Responsibilities
* Plan, lead, and execute sophisticated penetration tests across infrastructure, web applications, APIs, and internal networks.
* Conduct advanced Red Team exercises to simulate real-world adversary attacks and test organisational defences.
* Produce high-quality, clear, and concise reports for both technical and executive audiences, detailing findings, risks, and actionable remediation strategies.
* Mentor and provide guidance to junior members of the team, promoting best practices and knowledge sharing.
* Collaborate with clients to scope engagements, present findings, and provide expert advice on mitigating identified vulnerabilities.
* Stay abreast of the latest security vulnerabilities, attack vectors, tools, and methodologies.
* Contribute to the continuous improvement of our testing methodologies and service offerings.
Essential Skills & Qualifications
* Must hold active CREST Certified Tester (CRT) certification. (Non-negotiable)
* Proven commercial experience in a penetration testing role.
* Deep technical knowledge of networking protocols, operating systems (Windows, Linux), and common infrastructure vulnerabilities.
* Strong experience in web application penetration testing (OWASP Top 10).
* Proficiency with common penetration testing tools (e.g., Burp Suite Pro, Metasploit, Nmap, Cobalt Strike, etc.).
* Excellent written and verbal communication skills, with a proven ability to write detailed technical reports.
* A proactive and self-motivated attitude, capable of working effectively in a fully remote environment.
Desirable Skills & Qualifications
* Experience with or knowledge of implementing Cyber Essentials and Cyber Essentials Plus schemes is highly desirable.
* Additional certifications such as: CREST Certified Simulated Attack Specialist (CCSAS) / Certified Simulated Attack Manager (CCSAM); Offensive Security Certified Professional (OSCP); Certified Information Systems Security Professional (CISSP); SANS GIAC Penetration Tester (GPEN) or Web Application Penetration Tester (GWAPT)
* Experience in mobile application (iOS/Android) testing, cloud security (AWS/Azure/GCP), or social engineering.
* Experience scripting in Python, PowerShell, or Bash to develop custom tools or exploits.
What We Offer
* A competitive salary of £50,000 - £85,000.
* Fully remote working - work from anywhere in the UK.
* A supportive and collaborative culture with a strong focus on professional development.
01/10/2025
Full time
Gold Group Recruitment are seeking an Information Assurance Specialist to join our client’s internal IT Security Group. This opportunity is based in Surrey and is offering a salary of up to £63k per annum depending on experience.
The IT Security Group is the lead for all cyber security related activity within the company and its functions are split into two areas:
Governance, Accreditation and Compliance - providing security advice and guidance to the wider IT Department to support IT projects and change management and to the business with regard to accreditation, customer requests, service requests and general user queries
IT Security Operations - providing effective security monitoring, testing and analysis of the IT infrastructure
Responsibilities for the Information Assurance Specialist:
* Understand the different compliance frameworks required by the business (including, but not limited to, ISO 27001, MOD DAIS, Cyber Essentials, MOD Cyber Profiles, Australian DoD, etc)
* Engagement with the broader security industry and community to ensure the company is aware of current and future threats, and is aligned with industry best practice.
* Develop contacts with relevant IT Accreditors and key customer IT Security functions.
* Review and update of the adequacy and completeness of IT Security documentation against changing customer and regulatory requirements including defence, civil nuclear, commercial, and data protection, and in the light of emerging risks.
* Support the accreditation processes, working with internal and external stakeholders to acquire and maintain all required security certifications.
* Liaise with other governance process holders, both in the IT department and the wider business, to ensure security best practice is correctly included in applicable procedures.
* Creation and maintenance of the IT security standards and other documentation to enable delegation of day to day IT security tasks to the IT Operations Group.
* Provide advice and guidance to IT Department projects, reviews, change requests and development processes
* Provide advice and guidance to the wider business regarding customer requests, service requests and general user queries
* Manage 3rd party cyber security audit processes
* Undertake security audits across IT systems, applications, processes and projects.
* Keep current with the latest threats, vulnerabilities and developments in cyber security.
* Taking an active part in security incident response
* Taking an active part in the continuous improvement processes with the wider IT department to ensure that security improvements are completed
* Identification and analysis of vulnerabilities within the Company's IT infrastructure, prioritising them in the context of the business
* Ensuring the IT security tools and systems are implemented and upgraded in line with industry best practice or vendor recommendation, and ensuring all security systems remain fit for purpose.
* Maintain relationships with key IT security suppliers to ensure continued delivery of service
Information Assurance
* Adhere to the Company Information Assurance Manual and Handbook of Security Procedures.
* Ensure that the appropriate levels of protection, storage and access control are applied to all information in the company’s possession.
* Adhere to the acceptable use policy for all company IT systems and resources to which they have been granted access.
* Ensure the physical security of the Company's premises when responsible for the locking up process.
Although individual specialists will have specific lead responsibilities, they will be expected to be able to take on any of the duties of the IT Security group when required, and hence are expected to have a range of skills from both categories below.
Skills, Knowledge and Experience required
* Developing IT security department processes and procedures
* Understanding and developing controls in line with ISO 27000, Cyber Essentials, CIS (SANS) cyber controls & CSA Cloud cyber controls
* Conducting, or participating, in internal and external audit processes
* Broad IT knowledge to be able to provide security input into a range of projects
* Understanding and analysing system vulnerabilities
* Identification of remediation activities, working alongside IT Operations and Infrastructure Groups
* Understanding attack vectors and exploitation of vulnerabilities
* Understand firewall, network and server logs
* Network traffic capture and analysis.
* Understand the features of modern security monitoring systems
* The ability to analyse events and reported incidents
The Information Assurance Specialist should have experience in the following types of security tools
* Vulnerability scanning and analysis
* Enterprise SIEMs
* Network and host Intrusion Detection Systems
* Endpoint security and monitoring solutions
* Digital Forensics & Incident Response (DFIR) tools
Qualifications
Relevant cyber security qualifications are desirable, but not obligatory. Candidates will be assessed on their experience and capability. Relevant qualifications include:
* 27000 Lead Implementer or Auditor
* CISSP
* SANS GCIA & GCIH
* Certified Ethical Hacker (CEH)
* CCSP
This advert was posted by Gold Group - one of the UK's leading niche recruitment consultancies. We span a variety of specialist industries and are the recruitment company to help you find your next career opportunity. We pride ourselves on our commitment to candidates and stick to our ethos of finding the right role for the right person. Visit our website or get in touch today to discuss this role, find out what else we've got or just for a chat about the state of your industry. Services advertised by Gold Group are those of an Agency and/or an Employment Business. Please be aware that we receive a high volume of applications for every role advertised and regularly receive applications from candidates who exceed the job credentials. We will only contact you within the next 14 days if you are selected for interview. A copy of our privacy policy can be found here: https://(url removed)/about-us/privacy-policy. Gold Group is an equal opportunity & diversity employer. A copy of our equal opportunity & diversity policy can be found here: https://(url removed)/about-us/equality-and-diversity-policy
29/10/2018