Posted On 22/05/2026
Job Information 47500 Computer City Maryport Province United Kingdom Postal Code CA15 8NG

Job Description
We are hiring, exclusively, for Indelible Data who are looking to welcome a Lead Cyber Essentials Plus Assessor to their team.

About Indelible Data
Indelible Data Limited is a UK-based cyber security consultancy specialising in Cyber Essentials, Penetration Testing, Defence Cyber Certification, ISO 27001, and cyber security training. We help public sector organisations and private clients manage risk, achieve compliance, and improve resilience.

Role Overview
We are seeking a Cyber Essentials Plus Lead Assessor to lead, mentor and support our team of assessors as well as guiding organisations through the Cyber Essentials Plus certification process. You will conduct assessments, provide actionable remediation advice, and support clients in achieving certification.

Key Responsibilities
- Lead Cyber Essentials Plus assessments for multiple clients
- Conduct IT systems gap analysis and vulnerability checks
- Provide guidance on remediation and compliance with NCSC guidance
- Prepare reports and support documentation for certification
- Act as a technical authority for assessors
- Ensure assessments follow best practice
- Support continuous improvement of assessment processes, documentation, and internal procedures.
- Perform quality assurance reviews of assessments and reports to ensure consistency and compliance.

Requirements

Skills & Experience
- Strong understanding of NCSC guidance, cyber security controls, and UK Government standards
- Experience in IT systems assessment, vulnerability scanning, and risk analysis
- Excellent report writing and communication skills
- Ability to work independently and within multidisciplinary teams

Required Qualifications / Experience:
- 3 Years' experience working in the Information Security, tech or compliance industry.
- IASME Cyber Essentials Basic Assessor
- IASME Cyber Essentials PLUS Assessor Qualified (Includes confirmation of the IASME VA+ Exam being passed).
- One of the following qualifications:
  - CREST Registered Penetration Tester
  - CREST Certified Infrastructure Tester
  - Cyber Scheme Team Member (CSTM)
  - Cyber Scheme Team Leader (CSTL)
  - EC-Council Certified Security Analyst (ECSA)
  - Offensive Security Certified Professional (OSCP)
- Full clean driving license

- 6% workplace (NEST) employer pension contribution
- 25 days holiday
- 3 additional days of paid leave during Christmas Shutdown
- Enhanced company sick pay
- Hybrid working (office and remote)
- Opportunities for funded professional development and certifications
- Work with public sector and regulated organisations
- Collaborative, supportive team environment
- Monthly tech team afternoon to investigate latest software and training labs
- Regular team building outings which have included paintballing; escape rooms; raft building and pottery.
26/05/2026
Full time
Join us as a Penetration Tester, to help protect our organisation and clients by identifying, validating, and clearly communicating security vulnerabilities before they can be exploited. This role sits within a collaborative security testing team and focuses on delivering high quality web, network, mobile, and client application assessments across a range of projects, while working closely with stakeholders to turn findings into meaningful action.

Key Skills
- Holding a CREST qualification (or equivalent), or working towards one.
- Delivering end to end penetration testing across web, network, and mobile environments.
- Engaging with stakeholders, contributing to Statements of Work (SoW), and producing clear, actionable security reports.

Desirable Skills
- Participation in the penetration testing or wider security community (for example bug hunting, Hack The Box, CTFs, or hackathons).
- Exposure to client or thick application testing and experience working to agreed project timelines.
- An interest in emerging areas such as AI security testing, and familiarity with scripting or programming (no specific languages required).

This role will be based in Knutsford or Manchester.

You may be assessed on the key critical skills relevant for success in the role, such as risk and controls, change and transformation, business acumen, strategic thinking and digital and technology, as well as job-specific technical skills.

Purpose of the role
To identify potential vulnerabilities within the bank's IT systems using penetration testing tools and techniques to ensure security of computer systems, applications, servers, and networks.

Accountabilities
- Development and execution of assessments, audits, and threat models to identify vulnerabilities within the bank's systems, applications and servers using penetration tools and techniques, and communicate key findings and recommendations to stakeholders.
- Collaboration with stakeholders and IT teams to identify emerging cyber-attack techniques, tools and technologies and to support the development of penetration testing methodologies.
- Development and maintenance of comprehensive documents and reports for senior stakeholders on penetration test findings, and remediation guidance.
- Collaboration with stakeholders to understand their security requirements and controls in business processes, application/services, to enhance overall security posture and assurance.
- Identification of emerging vulnerabilities, exploit codes and cyber-attacks to develop testing methodologies and assurance activities.

Assistant Vice President Expectations
- To advise and influence decision making, contribute to policy development and take responsibility for operational effectiveness. Collaborate closely with other functions/business divisions.
- Lead a team performing complex tasks, using well developed professional knowledge and skills to deliver on work that impacts the whole business function. Set objectives and coach employees in pursuit of those objectives, appraisal of performance relative to objectives and determination of reward outcomes.
- If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others.
- OR for an individual contributor, they will lead collaborative assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments. They will identify new directions for assignments and/or projects, identifying a combination of cross functional methodologies or practices to meet required outcomes.
- Consult on complex issues; providing advice to People Leaders to support the resolution of escalated issues.
- Identify ways to mitigate risk and develop new policies/procedures in support of the control and governance agenda.
- Take ownership for managing risk and strengthening controls in relation to the work done.
- Perform work that is closely related to that of other areas, which requires understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function.
- Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategy.
- Engage in complex analysis of data from multiple sources of information, internal and external sources such as procedures and practices (in other areas, teams, companies, etc) to solve problems creatively and effectively.
- Communicate complex information. 'Complex' information could include sensitive information or information that is difficult to communicate because of its content or its audience.
- Influence or convince stakeholders to achieve outcomes.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship - our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset - to Empower, Challenge and Drive - the operating manual for how we behave.
24/05/2026
Full time
At the heart of everything we do is our vision to change lives every day, and our mission to grow The National Lottery responsibly and champion its impact. We are Allwyn UK, part of the Allwyn Entertainment Group - a multi-national lottery operator with a market-leading presence across the USA (Michigan and Illinois) and Europe, including Czech Republic, Austria, Greece, Cyprus and Italy. While the main contribution of The National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do. Join us as we embark on a once-in-a-lifetime, large-scale transformation journey by creating a National Lottery that delivers more money to good causes. We'll talk a bit more about us further down the page, but for now - let's talk about the role and who we're looking for.

A bit about the role
This role strengthens the Security Testing function by adding senior hands on capability across application security testing and targeted offensive security work. The main purpose of the role is to improve the depth, consistency and practical value of security testing across Allwyn systems and services, while building enough internal offensive capability to support purple team activity, adversary led testing and better detection and response outcomes.

The role is weighted towards application security. Around 70 percent of the time will be spent on testing and assuring modern applications, APIs, backend services and cloud hosted workloads. Around 30 percent will be spent on offensive security activity that supports purple team development, adversary informed assessments and selected deeper technical work such as binary analysis, operating system exploitation and ATT&CK aligned testing.

What you'll be doing

Application security testing and assurance, around 70 percent
- Lead and deliver advanced penetration testing across web applications, RESTful APIs, backend services, mobile connected services and supporting application platforms.
- Assess Java based backend systems, especially Spring Boot services, microservice architectures, API gateways and Backend for Frontend layers.
- Test authentication, authorisation, orchestration, input validation, session handling, token management and data exposure risks across modern digital journeys.
- Carry out security testing across cloud hosted and containerised application environments, ideally on AWS, where platform or configuration weaknesses affect application risk.
- Review outputs from SAST, DAST and related controls, separate noise from genuine risk, and help development teams understand what matters and what should be fixed first.
- Support threat modelling and design review activity by translating design and architecture decisions into sensible testing scope and coverage.
- Support release and project assurance by providing clear views on testing depth, remediation expectations and risk based sign off inputs.
- Help develop practical application security testing standards, playbooks and ways of working that can be applied across BAU and project delivery.

Offensive security and purple team development, around 30 percent
- Develop and mature an internal purple team methodology that can be used alongside security testing activity and external red team exercises.
- Support offensive security planning with Security Testing leadership and Cyber Defence so that simulations and adversary led assessments are tied to the maturity of defensive controls and operational priorities.
- Use strong Linux and Windows knowledge to identify realistic exploitation paths across hosts, applications and supporting services.
- Bring practical knowledge of binary exploitation and lower level technical analysis where it adds value to application, platform or software component assessments.
- Apply ATT&CK aligned thinking when shaping offensive scenarios, attack paths and purple team test cases.
- Use knowledge of exploit chaining, post exploitation tradecraft, EDR and AV evasion concepts, and other offensive security techniques where they improve the realism and value of testing.
- Contribute to selected specialist work, including hardware focused testing or low level technical analysis, where there is a clear business need and the activity supports the wider security testing plan.
- Work with external offensive security partners and turn outputs into practical lessons, follow up actions and measurable improvements.

Team contribution and capability building
- Act as a senior technical point of reference within the Security Testing function.
- Coach others in the team and help raise the standard of testing, reporting and technical analysis.
- Improve internal methods, test approaches and reporting so that the function becomes more consistent and easier to scale.

What experience we're looking for

Essential
- Strong hands on experience in application penetration testing across web applications, APIs and service based architectures.
- Strong understanding of Java based backend systems, especially Spring Boot, RESTful APIs and microservice patterns.
- Experience testing API gateways and Backend for Frontend layers, including authentication, authorisation, orchestration and data validation.
- Practical knowledge of cloud hosted applications, ideally on AWS, including containerised services and common platform security controls.
- Good understanding of modern web and mobile application patterns, enough to assess API consumption, session handling, trust boundaries and data exposure risk.
- Strong practical knowledge of Linux and Windows operating systems, including privilege escalation paths, host weaknesses, credential handling risks and exploitation approaches relevant to application environments.
- Working knowledge of binary exploitation and lower level vulnerability analysis where relevant to application, runtime or platform risk.
- Ability to carry out manual testing beyond automated tooling, including business logic weakness, exploit chaining and cross layer issues.
- Ability to explain findings clearly to both technical and non technical stakeholders and provide practical remediation advice.
- Experience shaping testing approach, methodology or standards rather than only delivering assessments.

Desirable
- Experience with mobile application assessment.
- Experience with secure code review or code assisted testing.
- Experience with ATT&CK informed assessments, adversary emulation support or purple team exercises.
- Familiarity with EDR and AV evasion concepts, exploit development, vulnerability research or offensive tooling beyond standard application testing.
- Exposure to hardware, embedded or other specialist low level testing techniques.
- Experience in regulated, high availability or transaction critical environments.
- Relevant certifications such as CREST, OSCP, OSWE, OSEP or equivalent demonstrable experience.
- Experience with WAF technology and implementation

About us
At Allwyn, we are dedicated to changing lives and growing the National Lottery responsibly, championing its positive impact on people, places, and the planet.

Innovation - We pride ourselves on it! We're constantly looking for new ways to excite our customers, bringing new products to market to enjoy which is all supported by our responsible play values and making them accessible to all.

Giving back - Did you know that playing the lottery generates around £30m a week for charities and good causes in the UK? Our aim is to have doubled this number by the end of the first 10-year license.

Sustainability - Our aim is to become a net zero national lottery. We have 2030 targets to decarbonise our operations and energy. We've already transitioned to renewable energy providers, made our London and Watford offices zero gas, and ensured our fleet consists of low-emission vehicles. In addition, we're working with our value chain partners to develop a net zero target date.

Empowering every voice - We believe in creating a culture where everyone feels they belong, can be themselves, has access to opportunities and can thrive for the benefit of good causes. Our diverse teams are working hard to make all parts of The National Lottery inclusive - whether people play a game in a store or online, because when everyone can play, everyone wins.

An inclusive reward offering with wellbeing at the centre
At Allwyn, inclusion is built into how we care for our people. Our benefits and policies support colleagues and their families at every stage of life and career. By prioritising wellbeing and belonging, we create a workplace where everyone feels valued, rewarded, and empowered to succeed. Our people are more than colleagues - they're winners, driving positive change and making a real difference in communities.

Benefits
Company Bonus Scheme Matched pension contributions up to 8.5% 26 days annual leave + 2 Life Days (and bank holidays) Single Private Health Cover Complimentary Private Medical Income Protection Flexible Benefits - EV Scheme, Money Coach, Will Writing, Mortgage Advice, Dental and Eye Care Schemes. Enhanced Family Leave (Maternity, Paternity, Adoption) Wellness Allowance £500 Employee Assistance Programme Discounted Health Assessments Volunteering Days Matched Funding
23/05/2026
Full time
At the heart of everything we do is our vision to change lives every day, and our mission to grow The National Lottery responsibly and champion its impact. We are Allwyn UK, part of the Allwyn Entertainment Group - a multi-national lottery operator with a market-leading presence across the USA (Michigan and Illinois) and Europe, including Czech Republic, Austria, Greece, Cyprus and Italy. While the main contribution of The National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do. Join us as we embark on a once-in-a-lifetime, largescale transformation journey by creating a National Lottery that delivers more money to good causes. We'll talk a bit more about us further down the page, but for now - let's talk about the role and who we're looking for A bit about the role This role strengthens the Security Testing function by adding senior hands on capability across application security testing and targeted offensive security work. The main purpose of the role is to improve the depth, consistency and practical value of security testing across Allwyn systems and services, while building enough internal offensive capability to support purple team activity, adversary led testing and better detection and response outcomes. The role is weighted towards application security. Around 70 percent of the time will be spent on testing and assuring modern applications, APIs, backend services and cloud hosted workloads. Around 30 percent will be spent on offensive security activity that supports purple team development, adversary informed assessments and selected deeper technical work such as binary analysis, operating system exploitation and ATT&CK aligned testing. 
What you'll be doing Application security testing and assurance, around 70 percent Lead and deliver advanced penetration testing across web applications, RESTful APIs, backend services, mobile connected services and supporting application platforms. Assess Java based backend systems, especially Spring Boot services, microservice architectures, API gateways and Backend for Frontend layers. Test authentication, authorisation, orchestration, input validation, session handling, token management and data exposure risks across modern digital journeys. Carry out security testing across cloud hosted and containerised application environments, ideally on AWS, where platform or configuration weaknesses affect application risk. Review outputs from SAST, DAST and related controls, separate noise from genuine risk, and help development teams understand what matters and what should be fixed first. Support threat modelling and design review activity by translating design and architecture decisions into sensible testing scope and coverage. Support release and project assurance by providing clear views on testing depth, remediation expectations and risk based sign off inputs. Help develop practical application security testing standards, playbooks and ways of working that can be applied across BAU and project delivery. Offensive security and purple team development, around 30 percent Develop and mature an internal purple team methodology that can be used alongside security testing activity and external red team exercises. Support offensive security planning with Security Testing leadership and Cyber Defence so that simulations and adversary led assessments are tied to the maturity of defensive controls and operational priorities. Use strong Linux and Windows knowledge to identify realistic exploitation paths across hosts, applications and supporting services. 
Bring practical knowledge of binary exploitation and lower level technical analysis where it adds value to application, platform or software component assessments. Apply ATT&CK aligned thinking when shaping offensive scenarios, attack paths and purple team test cases. Use knowledge of exploit chaining, post exploitation tradecraft, EDR and AV evasion concepts, and other offensive security techniques where they improve the realism and value of testing. Contribute to selected specialist work, including hardware focused testing or low level technical analysis, where there is a clear business need and the activity supports the wider security testing plan. Work with external offensive security partners and turn outputs into practical lessons, follow up actions and measurable improvements. Team contribution and capability building Act as a senior technical point of reference within the Security Testing function. Coach others in the team and help raise the standard of testing, reporting and technical analysis. Improve internal methods, test approaches and reporting so that the function becomes more consistent and easier to scale What experience we're looking for Essential Strong hands on experience in application penetration testing across web applications, APIs and service based architectures. Strong understanding of Java based backend systems, especially Spring Boot, RESTful APIs and microservice patterns. Experience testing API gateways and Backend for Frontend layers, including authentication, authorisation, orchestration and data validation. Practical knowledge of cloud hosted applications, ideally on AWS, including containerised services and common platform security controls. Good understanding of modern web and mobile application patterns, enough to assess API consumption, session handling, trust boundaries and data exposure risk. 
Strong practical knowledge of Linux and Windows operating systems, including privilege escalation paths, host weaknesses, credential handling risks and exploitation approaches relevant to application environments. Working knowledge of binary exploitation and lower level vulnerability analysis where relevant to application, runtime or platform risk. Ability to carry out manual testing beyond automated tooling, including business logic weakness, exploit chaining and cross layer issues. Ability to explain findings clearly to both technical and non technical stakeholders and provide practical remediation advice. Experience shaping testing approach, methodology or standards rather than only delivering assessments. Desirable Experience with mobile application assessment. Experience with secure code review or code assisted testing. Experience with ATT&CK informed assessments, adversary emulation support or purple team exercises. Familiarity with EDR and AV evasion concepts, exploit development, vulnerability research or offensive tooling beyond standard application testing. Exposure to hardware, embedded or other specialist low level testing techniques. Experience in regulated, high availability or transaction critical environments. Relevant certifications such as CREST, OSCP, OSWE, OSEP or equivalent demonstrable experience. Experience with WAF technology and implementation About us At Allwyn, we are dedicated to changing lives and growing the National Lottery responsibly, championing its positive impact on people, places, and the planet. Innovation - We pride ourselves on it! We're constantly looking for new ways to excite our customers, bringing new products to market to enjoy which is all supported by our responsible play values and making them accessible to all. Giving back - Did you know that playing the lottery generates around £30m a week for charities and good causes in the UK? Our aim is to have doubled this number by the end of the first 10-year license. 
Sustainability - Our aim is to become a net zero national lottery. We have 2030 targets to decarbonise our operations and energy. We've already transitioned to renewable energy providers, made our London and Watford offices zero gas, and ensured our fleet consists of low-emission vehicles. In addition, we're working with our value chain partners to develop a net zero target date. Empowering every voice - We believe in creating a culture where everyone feels they belong, can be themselves, has access to opportunities and can thrive for the benefit of good causes. Our diverse teams are working hard to make all parts of The National Lottery inclusive - whether people play a game in a store or online, because when everyone can play, everyone wins. An inclusive reward offering with wellbeing at the centre At Allwyn, inclusion is built into how we care for our people. Our benefits and policies support colleagues and their families at every stage of life and career. By prioritising wellbeing and belonging, we create a workplace where everyone feels valued, rewarded, and empowered to succeed. Our people are more than colleagues - they're winners, driving positive change and making a real difference in communities. Benefits Company Bonus Scheme Matched pension contributions up to 8.5% 26 days annual leave + 2 Life Days (and bank holidays) Single Private Health Cover Complimentary Private Medical Income Protection Flexible Benefits - EV Scheme, Money Coach, Will Writing, Mortgage Advice, Dental and Eye Care Schemes. Enhanced Family Leave (Maternity, Paternity, Adoption) Wellness Allowance £500 Employee Assistance Programme Discounted Health Assessments Volunteering Days Matched Funding.
Your talent is the key to innovation. At S&l, we're not just offering jobs - we're building careers that make an impact. Apply now and be part of a team shaping the future of cybersecurity and technology. Salary: Up to £45,000 per annum. Travel: Hybrid Location: London We're hiring a passionate Penetration Tester eager to grow in offensive security. Join a skilled, diverse team committed to innovation and technical excellence. This is a great opportunity to sharpen your expertise and contribute to impactful cybersecurity initiatives. Support and contribute to Infrastructure and Cloud Security Assessments Be mentored and trained towards Adversarial Simulation, Red Team Operations, and other advanced offensive security techniques Write detailed, clear, and professional reports for technical and non-technical stakeholders Collaborate with a team of skilled professionals and contribute to knowledge sharing Requirements: OSCP certification is essential (OSEP, OSCE3, or other advanced Offensive Security certifications also accepted) Demonstrable knowledge of Web Application security, including common vulnerabilities (e.g., OWASP Top 10) Strong desire to deepen technical capabilities across various domains, including infrastructure, cloud, and red teaming Excellent written and verbal communication skills Exposure to internal network testing or Active Directory environments Experience with cloud platforms (e.g., AWS, Azure) from an offensive perspective Familiarity with tools such as Burp Suite, Nmap, Cobalt Strike, or custom scripts Understanding of MITRE ATT&CK framework or red team methodologies.
22/05/2026
Full time
About the Role As an experienced Penetration Tester at Starling, you'll be joining an established team, working with talented cyber security professionals to ensure our services are designed, developed and operated securely. This is a collaborative role - you'll directly interact with multiple areas of the business to understand requirements, conduct research, perform security testing, and report issues aligned to our risk framework. Being an internal tester, you'll gain a strong understanding of how technology works at Starling to enable in depth testing. You'll also support remediation processes, seeing your findings lead to tangible security improvements. We understand the importance of knowledge and expertise remaining current, so we'll actively support your advancement through research and training. In turn, you'll help us continuously improve our processes, methodologies and tools to maintain the highest standard of testing. We're open minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications. Responsibilities Scoping and performing mobile, web application, cloud and infrastructure penetration tests. Collaborating with engineering teams to facilitate secure development, including: Reviewing and analysing proposed technical solutions to identify appropriate security controls. Conducting code reviews of features and critical security components. Performing in depth practical security testing. Advising on the remediation of security issues and identifying solutions to address root causes. Automating security testing and developing internal tooling to achieve continuous assurance. Identifying and implementing improvements to the team's internal processes and procedures. Mentoring less experienced team members, leading by example in technical assessments, and promoting a collaborative approach to security across Starling. Qualifications 5+ years technical information security experience. 
Experience in mobile, web application, cloud and infrastructure penetration testing. Technical knowledge - a good foundation in mobile security (iOS and Android), web application security, networking and associated protocols, cloud security (AWS and GCP), containers and Kubernetes. A desire to learn, and the ability to apply technical security knowledge to new and unfamiliar areas. Penetration testing qualifications (e.g. CREST Certified Tester, OSCP) or equivalent industry experience. Experience performing code reviews or code assisted testing, particularly in Java and Go. Experience in automation of security testing (e.g. using Python or Go). Excellent verbal and written communication skills. Interview Process First stage with the Penetration Testing Team Lead. Second stage with additional members of the Penetration Testing team. Final stage with Infosec Director and CISO. Benefits 25 days holiday (plus public holiday allowance). Extra day's holiday for your birthday. Annual leave increased with length of service, and you can choose to buy or sell up to five extra days off. 16 hours paid volunteering time a year. Salary sacrifice, company enhanced pension scheme. Life insurance at 4x your salary & group income protection. Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr & Mrs Smith and Peloton. Generous family friendly policies. Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks. Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing. Equal Opportunities Starling is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. 
Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.
19/05/2026
Full time
Barclay Simpson is seeking an experienced Penetration Tester to join their team in Greater London. This internal role offers a variety of projects across WebApp, Infrastructure, and Cloud testing, along with involvement in Red and Purple Teaming. You will lead engagements, mentor junior staff, and communicate findings to senior stakeholders. The position offers a base salary of up to £85,000 plus benefits and bonus. Commuting from surrounding areas is feasible, with easy access to public transport.
19/05/2026
Full time
This is a fantastic opportunity for an experienced penetration tester to move into an internal role with a leading financial services firm. The role offers variety across Penetration Testing (WebApp, Infrastructure - internal and external, and Cloud) along with involvement in Purple Teaming and Red Teaming engagements. The role will see you leading, scoping and planning engagements, defining methodologies and working with third parties and the wider cyber defence team where required. You will undertake peer reviews of reports, and will communicate findings to senior stakeholders in the business. You will have the opportunity to mentor a junior PenTester and to work on a range of different projects. The successful candidate will be an experienced PenTester with WebApp, Cloud and Infra skills. You may be certified in OSCP, CREST or SANS (although certifications are not a prerequisite) and will have good verbal and written communication skills. Experience in red/purple teaming will be beneficial. You may have experience from either a consultancy or an internal team. The role is based 3 days a week in the office. If you live in Surrey, West/East Sussex, Hampshire, Croydon, Brighton, Portsmouth or West Kent, you will be within a commutable distance of their office. There is parking available, and the office is just a 5-minute walk from the station with regular direct trains from London Bridge, Victoria and Blackfriars. Base salary up to £85,000 + benefits + bonus. There is no visa sponsorship available at this time.
19/05/2026
Full time
Rail Cyber Security Lead Application Deadline: 22 May 2026 Department: Cyber Services and Capabilities Employment Type: Full Time Location: GBR London Reporting To: Gary Cannon Description We are seeking a highly skilled Cyber Security Rail Lead to join our Global Transport practice. This role is pivotal in strengthening and expanding our cyber security capability within the global rail ecosystem, while also supporting cross-domain engagements in maritime, automotive, and aviation as needed. The ideal candidate will bring deep knowledge of operational technology (OT), rail systems, relevant international cyber security standards (including IEC 62443, TS 50701, IEC 63452), penetration testing methodologies, and the broader transport ecosystem. In addition to technical leadership, the individual will play a key role in supporting business development, building client trust, and elevating NCC Group's profile within the rail sector. This is a client facing role requiring strong collaboration, communication and leadership skills. Key Responsibilities 1. Technical Leadership (Rail Cyber Security) Serve as the subject matter expert (SME) for rail cyber security across global engagements. Lead, design, and deliver complex cyber security assessments across both operational technology (OT) and information technology (IT) environments. Apply deep knowledge of rail specific standards and frameworks, including: IEC 62443 (Industrial Cyber Security) TS 50701 (Railway Cyber Security) IEC 63452 (Railway Rolling Stock Cyber Security) Conduct or oversee penetration testing activities, vulnerability assessments, architecture reviews, risk assessment and threat modelling for rail clients. Provide expert interpretation of cyber security requirements for railway operators, manufacturers, and integrators. Ensure security recommendations are aligned with safety, operational continuity, and regulatory requirements across the rail ecosystem. 2. 
Rail Domain Expertise Provide expert understanding of the rail ecosystem, including: Signalling systems Rolling stock Control centres Wayside and trackside equipment Rail operational processes and safety requirements Translate complex rail operations knowledge into training and mentorship for internal teams. Act as the internal thought leader on emerging rail threats, vulnerabilities, and industry trends. 3. Business Development & Practice Growth Support the creation and growth of new rail opportunities globally. Build NCC Group's market presence in the rail sector through: Thought leadership (whitepapers, webinars, industry events) Client engagements and pre sales support Partnerships with key rail OEMs, operators, and regulators Collaborate with engagement managers and leadership to define rail focused service offerings. Contribute to bids, proposals, and technical scoping activities for prospective customers. 4. Cross Domain Support (Multi Modal Transport) Potentially support projects across maritime, automotive, and aviation domains as required, with team backing. Maintain awareness of common OT and safety critical technologies across transport sectors. Promote knowledge sharing across the wider Transport Cyber Security practice. 5. Teamwork, Collaboration & Mentorship Provide mentoring, guidance, and technical leadership to consultants at various levels. Work closely with colleagues across global teams to deliver integrated and high quality engagements. Promote a collaborative, supportive, and inclusive team culture. 6. Client Engagement & Delivery Excellence Act as a trusted advisor to clients, providing clear, actionable cyber security recommendations. Communicate complex concepts in a clear, professional, and client friendly manner. Ensure high quality deliverables and maintain strong client satisfaction throughout engagements. 
Skills, Knowledge and Expertise Technical Experience Proven experience in rail cyber security, ideally within operators, OEMs, integrators, or a cyber consultancy. Strong experience working with and applying: IEC 62443 (critical infrastructure cyber security) TS 50701 (railway cyber security framework) IEC 63452 (rolling stock cyber security) Strong understanding of OT systems and technologies, including SCADA, industrial control systems (ICS), and safety critical environments. Practical experience in penetration testing or security assessment methodologies (not necessarily a full time tester, but capable). Experience with secure architecture review, threat modelling, and risk assessment in industrial or transport environments. Domain Knowledge In depth understanding of the rail operational ecosystem, including signalling, rolling stock, safety systems, and regulatory standards. Direct experience working within or for rail operators, system suppliers, or rail integrated cyber projects. Soft Skills & Professional Attributes Excellent communication skills in both technical and non technical contexts. Strong client facing experience and relationship management skills. Ability to lead engagements and influence stakeholders at all levels. Willingness to work collaboratively across geographies and disciplines. Ability to teach and mentor others on rail systems and cyber security. Desirable (Not Mandatory) Recognised cyber certifications (e.g., CISSP, GICSP, ISA/IEC 62443 CyberSecurity Expert). Experience contributing to industry standards or regulatory consultations. Background in safety engineering or systems engineering in transport. Benefits Flexible Working: Balance your work and personal life with our flexible working options. Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave (differs for SOC shift workers, please speak to your TA partner for more information). 
Medicash & Critical Illness Scheme Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme. Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities. Green Car Scheme: Drive green and save money with our eco friendly car scheme. Cycle Scheme: Stay fit and healthy with our cycle to work scheme. Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet. Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
15/05/2026
Full time
ActiveFence Ltd in the United Kingdom is seeking a Senior Penetration Tester to join their security research division. You will lead penetration tests on complex applications, engage in Red Team projects, and develop internal security tools. The ideal candidate has at least 5 years of experience in application security and web penetration testing, alongside the ability to produce technical reports. Candidates with offensive certifications and demonstrable achievements will be preferred. The role requires independence, attention to detail, and a proactive approach to research.
14/05/2026
Full time
Rail Cyber Security Lead Application Deadline: 22 May 2026 Department: Cyber Services and Capabilities Employment Type: Full Time Location: GBR London Reporting To: Gary Cannon Description We are seeking a highly skilled Cyber Security Rail Lead to join our Global Transport practice. This role is pivotal in strengthening and expanding our cyber security capability within the global rail ecosystem, while also supporting cross-domain engagements in maritime, automotive, and aviation as needed. The ideal candidate will bring deep knowledge of operational technology (OT), rail systems, relevant international cyber security standards (including IEC 62443, TS 50701, IEC 63452), penetration testing methodologies, and the broader transport ecosystem. In addition to technical leadership, the individual will play a key role in supporting business development, building client trust, and elevating NCC Group's profile within the rail sector. This is a client facing role requiring strong collaboration, communication and leadership skills. Key Responsibilities 1. Technical Leadership (Rail Cyber Security) Serve as the subject matter expert (SME) for rail cyber security across global engagements. Lead, design, and deliver complex cyber security assessments across both operational technology (OT) and information technology (IT) environments. Apply deep knowledge of rail specific standards and frameworks, including: IEC 62443 (Industrial Cyber Security) TS 50701 (Railway Cyber Security) IEC 63452 (Railway Rolling Stock Cyber Security) Conduct or oversee penetration testing activities, vulnerability assessments, architecture reviews, risk assessment and threat modelling for rail clients. Provide expert interpretation of cyber security requirements for railway operators, manufacturers, and integrators. Ensure security recommendations are aligned with safety, operational continuity, and regulatory requirements across the rail ecosystem. 2. 
Rail Domain Expertise Provide expert understanding of the rail ecosystem, including: Signalling systems Rolling stock Control centres Wayside and trackside equipment Rail operational processes and safety requirements Translate complex rail operations knowledge into training and mentorship for internal teams. Act as the internal thought leader on emerging rail threats, vulnerabilities, and industry trends. 3. Business Development & Practice Growth Support the creation and growth of new rail opportunities globally. Build NCC Group's market presence in the rail sector through: Thought leadership (whitepapers, webinars, industry events) Client engagements and pre sales support Partnerships with key rail OEMs, operators, and regulators Collaborate with engagement managers and leadership to define rail focused service offerings. Contribute to bids, proposals, and technical scoping activities for prospective customers. 4. Cross Domain Support (Multi Modal Transport) Potentially support projects across maritime, automotive, and aviation domains as required, with team backing. Maintain awareness of common OT and safety critical technologies across transport sectors. Promote knowledge sharing across the wider Transport Cyber Security practice. 5. Teamwork, Collaboration & Mentorship Provide mentoring, guidance, and technical leadership to consultants at various levels. Work closely with colleagues across global teams to deliver integrated and high quality engagements. Promote a collaborative, supportive, and inclusive team culture. 6. Client Engagement & Delivery Excellence Act as a trusted advisor to clients, providing clear, actionable cyber security recommendations. Communicate complex concepts in a clear, professional, and client friendly manner. Ensure high quality deliverables and maintain strong client satisfaction throughout engagements. 
Skills, Knowledge and Expertise Technical Experience Proven experience in rail cyber security, ideally within operators, OEMs, integrators, or a cyber consultancy. Strong experience working with and applying: IEC 62443 (critical infrastructure cyber security) TS 50701 (railway cyber security framework) IEC 63452 (rolling stock cyber security) Strong understanding of OT systems and technologies, including SCADA, industrial control systems (ICS), and safety critical environments. Practical experience in penetration testing or security assessment methodologies (not necessarily a full time tester, but capable). Experience with secure architecture review, threat modelling, and risk assessment in industrial or transport environments. Domain Knowledge In depth understanding of the rail operational ecosystem, including signalling, rolling stock, safety systems, and regulatory standards. Direct experience working within or for rail operators, system suppliers, or rail integrated cyber projects. Soft Skills & Professional Attributes Excellent communication skills in both technical and non technical contexts. Strong client facing experience and relationship management skills. Ability to lead engagements and influence stakeholders at all levels. Willingness to work collaboratively across geographies and disciplines. Ability to teach and mentor others on rail systems and cyber security. Desirable (Not Mandatory) Recognised cyber certifications (e.g., CISSP, GICSP, ISA/IEC 62443 CyberSecurity Expert). Experience contributing to industry standards or regulatory consultations. Background in safety engineering or systems engineering in transport. Benefits Flexible Working: Balance your work and personal life with our flexible working options. Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave (differs for SOC shift workers, please speak to your TA partner for more information).
Medicash & Critical Illness Scheme Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme. Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities. Green Car Scheme: Drive green and save money with our eco friendly car scheme. Cycle Scheme: Stay fit and healthy with our cycle to work scheme. Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet. Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
14/05/2026
Full time
Senior Penetration Tester £90,000-£95,000 Horsham (3 days a week onsite) VIQU are supporting a leading organisation in seeking an experienced Senior Penetration Tester to join its growing Cyber Security function. As a Senior Penetration Tester, you will lead and deliver complex security assessments across networks, applications, cloud environments, and emerging technologies. Key Responsibilities Lead the scoping, planning, and execution of advanced penetration tests across web, network, cloud, and enterprise systems Conduct offensive security assessments to identify, validate, and exploit vulnerabilities while providing actionable remediation guidance Design and support purple team exercises to enhance detection and response capabilities Simulate advanced attack scenarios using frameworks such as MITRE ATT&CK Produce high-quality technical reports for both technical and non-technical stakeholders Mentor junior team members and promote security testing best practices Requirements 5+ years of hands-on penetration testing experience across network, web, cloud, internal, red team, or purple team environments Excellent knowledge of: MITRE ATT&CK OWASP Threat modelling Attack surface analysis Experience with automated, dynamic, and static security testing tools Knowledge of regulatory frameworks including GDPR, PCI-DSS, and related compliance standards Apply now to speak with VIQU IT in confidence. Or reach out to Noah Yeoman via the VIQU Website Do you know someone great? We'll thank you with up to £1,000 if your referral is successful (terms apply). For more exciting roles and opportunities like this, please follow us on IT Recruitment
13/05/2026
Full time
We believe in the power of ingenuity to build a positive human future. As strategies, technologies, and innovation collide, we create opportunity from complexity. Our teams of interdisciplinary experts combine innovative thinking and breakthrough technologies to progress further, faster. Our clients adapt and transform, and together we achieve enduring results. We are over 4,000 strategists, innovators, designers, consultants, digital experts, scientists, engineers, and technologists. And we have deep expertise in consumer and manufacturing, defence and security, energy and utilities, financial services, government and public services, health and life sciences, and transport. Our teams operate globally from offices across the UK, Ireland, US, Nordics, and Netherlands. PA. Bringing Ingenuity to Life. We believe in the power of ingenuity to build a positive human future. We challenge where it matters and own the outcome. We combine strategic thinking, customer-centric service design, and agile engineering practices to accelerate innovation in a tech-driven world. Join our Digital & Data team working alongside product, design and a wide range of other experts and cross-disciplinary teams to bring ideas to life through innovative software solutions. Grow a flexible and unique career within a trust-based, inclusive environment that values excellence, innovation, and curiosity. You have the option to progress with us on a technical career track. No need to go onto the Partner career track if this doesn't align with what you want to do. Hybrid working - our approach is to be in the office or on client site a minimum of 2 days per week. 
Work on a broad variety of projects and tech stacks for clients across seven sectors - no project is ever the same Join other experts within our supportive and collaborative tech community through knowledge-sharing and peer-level support, coaching and mentoring Deepen your expertise through our culture of learning and growth - you'll have budget to take courses (technical and non-technical training), plus gain certifications What you can expect Work to agile best practices and cross-functionally with multiple teams and stakeholders. You'll be using your technical skills to problem solve with our clients, as well as working on internal projects Live in-person whiteboarding sessions to problem solve as a team, alongside asynchronous communication on Teams Work by yourself, or play your part in larger projects Deliver high quality security assessments within agreed deadlines Produce written and verbal reports for clients to an excellent standard. Develop and share knowledge with the rest of the penetration testing team Work with teams across PA Consulting, providing technical knowledge and expertise where required Be self-motivated and client oriented, aiming to exceed expectations in all areas of your role Hybrid working with the team on client site or in our office a minimum of two days per week. However, the actual time you spend and where you spend it will vary by role or assignment, including up to 5 days per week on a client site. Even if you don't meet every requirement below, feel free to still apply as we are often hiring for similar roles which your background might be better suited to.
Hold CTM/CSTM or CTL/CSTL status and/or other industry recognised certifications such as the OSCP or CREST/CyberScheme qualifications Have developed their SME knowledge in one or more fields of penetration testing, such as mobile application testing, Cloud, Operational Technology, or a specific industry/environment such as telecoms, defence, or maritime Desire to help build and maintain the team through internal training, building our infrastructure and tooling or helping to plan and execute engagements Be interested in delivering and contributing to our CREST accredited ethical hacking training. You thrive in problem-solving and analytical thinking You enjoy collaborating with multiple stakeholders in a fast-paced environment Additional information Please note that the interview stages may be subject to change based on the specific requirements of the role. Quick call with one of our Tech Recruiters - to discuss your application, the role and PA Round 1: Either a competency or technical interview (60 mins) Round 2: Either a competency or technical interview, whichever you didn't do at first round (60 mins) Final round: Meeting with a PA leader - a mini case study and discussion around your client-centricity (60 mins) Life At PA encompasses our peoples' experience at PA. It's about how we enrich peoples' working lives by giving them access to unique people and growth opportunities and purpose led meaningful work. Our purpose guides how we work with our clients and our teams, and support our communities, to deliver insight and impact, solving the world's most complex challenges. We're focused on building a workplace that values human difference and diverse mindsets, and a culture of inclusion and equality that unlocks the potential in our people so everyone can be their best self. We are dedicated to supporting the physical, emotional, social and financial well-being of our people.
Check out some of our extensive benefits: Health and lifestyle perks accompanying private healthcare for you and your family 25 days annual leave (plus a bonus half day on Christmas Eve) with the opportunity to buy 5 additional days Generous company pension scheme Opportunity to get involved with community and charity-based initiatives Annual performance-based bonus PA share ownership Tax efficient benefits (cycle to work, give as you earn) We're committed to advancing equality. We recruit, retain, reward and develop our people based solely on their abilities and contributions and without reference to their age, background, disability, genetic information, parental or family status, religion or belief, race, ethnicity, nationality, sex, sexual orientation, gender identity (or expression), political belief, veteran status, or any other range of human difference brought about by identity and experience. We welcome applications from underrepresented groups. Adjustments or accommodations - Should you need any adjustments or accommodations to the recruitment process, at either application or interview, please contact us on
09/05/2026
Full time
We are looking to recruit a Cyber Security Architect to join our growing team based in London and Slough. This is an ongoing, permanent position for a deserving candidate. The Security Architect is responsible for supporting multiple projects and programmes by defining and championing information security solutions. The role will work closely with systems and project engineers, developers, internal / external business stakeholders and project managers within various departments to assess risk and deliver pragmatic, flexible and sustainable security that includes people, process and technology. Required Skills and Experience Solid exposure of taking a leading role in the establishment and implementation of security architecture, policies and procedures. Experience of secure development lifecycles (SDL) Good understanding of enterprise-scale security management process and infrastructure Exposure to current information security standards and regulations such as PCI-DSS, ISO 27001, SOX, UK DPA Exposure to enterprise IT infrastructure and tools (e.g. Microsoft, Cisco, Sun, Oracle) Experience of transactional revenue systems, embedded systems, smartcards, mobile payment systems Knowledge of cryptographic services Knowledge of wider security, audit, risk and compliance standards e.g. PCI-P2PE, PCI-POI-PTS, ISO 22301, ISO27005, ISO31000, NIST, GDPR Understanding of security within agile/DevOps and waterfall project methods, product development Experience of application security testing tools, e.g. SonarQube In depth understanding of information security control tools Experience of quality management systems and external audit standards e.g. ISO 9001, ISAE3402 Education and Qualification: Degree or equivalent and/or equivalent level of experience in relevant subject Certification as an Information Security professional (e.g.
IISP/CISA/CISM/CISSP/ ISA) Security and IT vendors certifications CREST-registered penetration tester and/or security architect Job Type: Permanent Full-time Location: London/Slough Salary: Market Rates (Based on experience) Experience Min 5 years or more If you think you are a suitable candidate for this job title and hold all necessary skills, please apply by submitting your CV. Salary will be determined from experience.
09/05/2026
Full time
About the role The Application Security Specialist, working in our cyber testing team, plays a key role in protecting Royal London's internally developed software by identifying, assessing and helping remediate application security risks early in the delivery lifecycle. This role is ideal if you come from an application development background and you're looking to build a rewarding career in cyber security and secure software engineering, with support from a collaborative team. You will partner closely with development teams, penetration testers and platform specialists to embed secure by design principles, interpret findings from application security tools, and turn them into clear, practical actions. Drawing on your development experience, you'll help translate security concepts into meaningful, risk based decisions, enabling teams to deliver with confidence and strengthening the organisation's overall cyber resilience. Responsibilities Collaborate with development and engineering teams to embed application security principles and guardrails across the software development lifecycle (SDLC). Operate, manage and interpret findings from application security tooling such as SAST, DAST and Software Composition Analysis (SCA), helping teams understand what matters most. Identify, analyse and prioritise application security vulnerabilities based on exploitability, business impact and exposure, so effort is focused where it will make the biggest difference. Provide clear, actionable remediation guidance and support teams through to closure, celebrating progress and improving outcomes over time. Conduct penetration testing using application level insight, ensuring coverage of the most exposed and critical attack paths. Support teams to assess application design and implementation risks through design reviews, code assisted reviews and threat informed testing.
Contribute to the definition and continuous improvement of secure coding standards, application security policies and practical, developer friendly guidance. Help shift security earlier ('shift left') in delivery pipelines, reducing exploitable weaknesses before deployment and making secure delivery feel simpler. Produce concise, accurate security findings and risk summaries tailored to both technical and non technical stakeholders. Contribute to the wider Attack Surface Management function through consultation, constructive challenge, and continuous improvement. About you A strong background in application development, with hands on experience across the software development lifecycle. Experience working in Agile/Scrum environments, using development tooling such as GitHub, Azure DevOps, Jira or Confluence. Practical exposure to application security testing approaches and tools (e.g. SAST, DAST, SCA), with the ability to interpret results and explain them in a way that helps teams take action. Understanding of common application and web security vulnerabilities (e.g. OWASP Top 10) and how they show up in real world codebases. Understanding of core cyber security principles and how they apply to modern application architectures. Ability to translate technical security findings into clear, pragmatic risk and remediation guidance that supports developers in making good decisions. Comfortable collaborating with engineers and influencing secure outcomes through expertise, empathy and credibility. Demonstrable knowledge of penetration testing techniques and tooling, with a genuine interest in continuing to learn through collaboration, mentoring and cross training. Strong written and verbal communication skills, able to engage confidently and respectfully with both technical and non technical audiences. Experience working in large, complex or regulated environments (financial services is desirable but not essential). 
Curious mindset with a proactive approach to learning and self development, staying current with emerging application layer threats and sharing knowledge with others. Qualifications or certifications such as Security+, CEH, OSCP, OSWE or similar are beneficial, but not required; equivalent experience and a willingness to learn matter just as much. Benefits We've always been proud to reward employees by offering great workplace benefits such as 28 days annual leave in addition to bank holidays, an up to 14% employer matching pension scheme and private medical insurance.
08/05/2026
Full time
Intact Insurance is the new name for RSA in the UK, Ireland, and across Europe. It's a new name and a new way to do business. Backed by global expertise and a commitment to service that feels different, we're focused on making insurance simpler, faster, and more responsive. Shape the future: We're leading a transformation in insurance helping people, businesses and society prosper in good times and be resilient in bad times. When you join us, you're not just taking a job, you're stepping into a career where you can make a real difference. Grow with us: We're customer-driven, community-focused, and committed to helping our people grow. Whether you're early in your journey or bringing years of experience, we'll support you with the tools, flexibility, and opportunities to thrive. Win as a Team: The Senior Penetration Tester plays a critical role in safeguarding Intact's assets by leading the scoping, planning, and execution of complex penetration tests across a diverse range of technologies, environments, and business functions, including network, application and cloud. This position requires a deep technical understanding of offensive security methodologies, strong communication skills, and the ability to translate business requirements into actionable testing strategies. As part of the role, the Senior Penetration Tester will actively contribute to purple team / threat simulation testing, working in close collaboration with defensive security teams to enhance detection and response capabilities. This involves simulating advanced attack scenarios, validating security controls, and leveraging frameworks such as MITRE ATT&CK to ensure comprehensive coverage of adversarial TTPs (Tactics, Techniques and Procedures). The successful candidate will play a key role in translating offensive insights into actionable defensive improvements, fostering a culture of continuous learning and resilience against evolving threats. 
You'll make an impact by: Lead the scoping, planning, and delivery of complex penetration tests across networks, applications, cloud environments, and emerging technologies. Conduct advanced offensive security assessments to identify and exploit vulnerabilities, providing clear and actionable remediation guidance. Collaborate with defensive teams to help design and execute purple team exercises, improving detection and response capabilities. Produce high-quality reports and communicate findings effectively to technical and non-technical stakeholders. Assist the Cyber Defence team with vulnerability validation, and technical support during incident response. Mentor junior team members, sharing knowledge and best practices to develop overall team capability. Peer-review methodologies and reports to ensure repeatability and quality. Stay current with evolving threats, tools, and techniques, contributing to continuous improvement of testing methodologies and security posture. Maintain and champion the security testing elements of the SDLC Your skills and experience: Experience of leading network, web, cloud, internal and red / purple team penetration tests Excellent knowledge of penetration testing approaches, tools and techniques Excellent knowledge of MITRE ATT&CK framework and TTPs Strong capability in identifying, validating, and clearly articulating vulnerabilities Experience writing high-quality reports with clear risk statements and remediation guidance Ability to perform threat modelling and attack surface analysis. 
Excellent knowledge and understanding of Open Web Application Security Project (OWASP) Demonstrable experience with automated, dynamic and static application security testing tools Experience in managing third party suppliers Relevant technical security qualifications or experience, for example OSCP, SANS, CREST, CRTO, or equivalent level Why You'll Love It Here: Being part of our team means you'll have the support and freedom to bring your best self to work each day. As a permanent member, here's what you can look forward to: Annual discretionary bonus Up to 11% pension contributions Hybrid working + flexible hours 25 days annual leave + bank holidays + buy/sell options Career development and mentoring Inclusive culture + employee networks Share investment options Our DEI Commitment: We celebrate individuality and believe our differences make us stronger. We're proud to foster a culture where everyone feels respected, valued, and empowered to thrive. As an Equal Opportunity and Disability Confident Employer, we ensure fair consideration for all applicants and offer interviews to all disabled candidates who meet the essential criteria. We understand that everyone's circumstances are different and are happy to explore flexible working options such as reduced hours or job shares to support work-life balance. If you meet the core criteria but not every requirement, we'd still love to hear from you. Let's explore how this role could support your next career step. If you need adjustments during the recruitment process, just let us know; we're here to support you.
08/05/2026
Full time
Senior Penetration Tester LSEG is seeking a senior penetration tester to join our internal offensive security team. This role is hands on and deeply technical, responsible for planning and driving penetration tests across a wide range of systems and applications. The successful candidate will be a skilled offensive security professional with a passion for uncovering vulnerabilities and improving security posture through thorough testing and teamwork. Key Responsibilities Conduct in depth penetration tests on applications, infrastructure, and cloud environments. Take full ownership of assigned penetration testing engagements end to end and deliver with limited oversight. Compile technical scoping documents, track and document assessment metadata. Define engagement details (who, what, when, where). Identify testing team members and roles. Specify tools and methodologies used. Schedule and timelines. Target systems and environments. Constraints, exclusions, and limitations. Testing activities and event logs. Document findings clearly and concisely, providing actionable remediation guidance. Collaborate with application teams to scope, perform, and report on security assessments. Contribute to team improvement efforts and ensure all initiatives and feedback are well documented for future reference. Contribute to the continuous improvement of testing methodologies, tooling, automation. Stay ahead of emerging threats, vulnerabilities, and offensive security techniques. Participate in R&D initiatives as guided from leadership. Support educational sessions and mentoring within the team. Develop and maintain custom tools, scripts, and exploits to support testing activities. Required Skills & Experience Proven hands on experience in penetration testing of Web Applications, APIs, Thick Client and Common Infrastructures (Active Directory, Cloud and Cloud native based environments). 
Proficiency with tools such as Burp Suite, common command line tools, and ability to write custom scripts when needed. Experience in automating pentesting tasks. Solid understanding of application security, network protocols, and operating systems. Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes). Ability to write clear, technical reports and communicate findings to both technical and non technical customers. Proficient interpersonal skills in English, both written and verbal. Relevant certifications and engagement with the security community is a plus. Threat Modelling experience is a plus. Proven track record of successfully managing and driving security engagements for various organizations with differing operational and technical profiles. Ability to identify, assess, and communicate technical and project risks to partners. Understanding project requirements and aligning results with agreed upon objectives and timelines.
08/05/2026
Full time
Job: Security Operations (SOC) Analyst Location: Belfast, Northern Ireland, UK The Role The SOC Analyst will be responsible for day-to-day security threats, vulnerability management, analysis, and response. You will manage security incidents and review security alerts, determine if the security events are false positives, true positives, or false negatives, while working with incident responders on known or suspected security threats. The Analyst will work on log analysis, vulnerabilities and emerging threats, threat hunting and incident response that adhere to best practices and recognized control frameworks. The role will work closely with Information Security and Information Technology professionals to provide security metrics, threat landscape updates and emerging trends. Responsibilities Monitor, analyse, investigate security incidents and events using various tools and technologies including SIEM, UEBA, Threat Intel and EDR Perform security incident and event correlation, analysis, triage using information gathered from a variety of sources within the enterprise. Generate reports, dashboards, and presentations from security technologies Able to participate in an on call rotation and provide Tier 1 & Tier 2 support. Provide analysis of trending security data from a large number of heterogeneous security devices across different layers. Provide Incident Response (IR) support when analysis confirms an actionable incident. Communicate and collaborate with stakeholders, including internal customers and senior management to provide updates on security incidents and to ensure proper resolution Investigate, document, and report on information security threats and emerging trends. Integrate technologies and share information with SOC analysts and external teams. Participate in internal projects and initiatives to increase SOC efficiency and improve SOC tooling. Improve and challenge existing processes and procedures in an agile and fast-moving environment. 
Maintain and update security documentation, including incident reports and KB articles Core Qualifications The permanent right to live and work in the United Kingdom - this job is based in Belfast, Northern Ireland Bachelor's degree in a related field (Security, Forensics, Cyber Security, or Computer Science is preferred) or equivalent industry related experience. At least 2 years' experience working within an information security / cyber security role Desirable Proven experience as a security analyst, incident handler/responder, security engineer, or penetration tester. Knowledge of security methodologies, processes (i.e., Cyber Kill Chain/Diamond Models, and the MITRE ATT&CK/D3FEND framework). Knowledge of technical security solutions (such as but not limited to firewalls, SIEM, NIDS/NIPS/HIDS/HIPS, EDR, DLP, SOAR, proxies, network behavioural analytics, orchestration, automation and cloud security). Deep knowledge of TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS and HTTP Protocols, network analysis, and network/security applications and email security. Good knowledge of common malware threats and attack methodologies. Basic knowledge of scripting languages and programming languages (PowerShell, Python, Bash, .NET, Ruby, Java, C, etc.) Desirable Professional Certifications: GCIA, GCIH, GCFE, GCFA, Security+, CCNA CyberOps, OSCP, GPEN, GWAPT, CEH, CySA+ Core Competencies Accountable for the successful completion of multiple, individual projects simultaneously. Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences. Manage change and demonstrate adaptability by adjusting priorities or processes and approaching as needs dictate. Work independently as a team representative of Information Security as well as showing excellent teamwork skills. 
Ability to develop thorough documentation and operational playbooks and, in addition, to suggest alert enhancements to improve detection capability. Fundamental knowledge of network and system technologies and practices Desire for continual learning of new technologies and developing knowledge / skills We Offer 28 days annual leave plus 10 NI national holidays Pension matched up to 7% Private health insurance for medical and dental Life Insurance Great work/life balance and flexible working hours Monthly catered lunches Unlimited drinks and snacks Charitable matching gift program EEO Statement Apex Fintech Solutions is an equal opportunity employer that does not discriminate on the basis of race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, veteran status, marital status, or any other protected characteristic. Our hiring practices ensure that all qualified applicants receive fair consideration without regard to these characteristics. Disability Statement Apex Fintech Solutions is committed to creating an inclusive and accessible workplace for all candidates, including those with disabilities. We are dedicated to ensuring equal employment opportunities and providing reasonable accommodations to qualified individuals with disabilities. If you require reasonable accommodations to participate in the application or interview process, please submit your request via Candidate Accommodation Requests Form. We will work with you to provide the necessary accommodations to ensure your full participation in our hiring process.
07/05/2026
Full time
Job: Security Operations (SOC) Analyst Location: Belfast, Northern Ireland, UK The Role The SOC Analyst will be responsible for day-to-day security threats, vulnerability management, analysis, and response. You will manage security incidents and review security alerts, determine if the security events are false positives, true positives, or false negatives, while working with incident responders on known or suspected security threats. The Analyst will work on log analysis, vulnerabilities and emerging threats, threat hunting and incident response that adhere to best practices and recognized control frameworks. The role will work closely with Information Security and Information Technology professionals to provide security metrics, threat landscape updates and emerging trends. Responsibilities Monitor, analyse, investigate security incidents and events using various tools and technologies including SIEM, UEBA, Threat Intel and EDR Perform security incident and event correlation, analysis, triage using information gathered from a variety of sources within the enterprise. Generate reports, dashboards, and presentations from security technologies Able to participate in an on call rotation and provide Tier 1 & Tier 2 support. Provide analysis of trending security data from a large number of heterogeneous security devices across different layers. Provide Incident Response (IR) support when analysis confirms an actionable incident. Communicate and collaborate with stakeholders, including internal customers and senior management to provide updates on security incidents and to ensure proper resolution Investigate, document, and report on information security threats and emerging trends. Integrate technologies and share information with SOC analysts and external teams. Participate in internal projects and initiatives to increase SOC efficiency and improve SOC tooling. Improve and challenge existing processes and procedures in an agile and fast-moving environment. 
Maintain and update security documentation, including incident reports and KB articles Core Qualifications The permanent right to live and work in the United Kingdom - this job is based in Belfast, Northern Ireland Bachelor's degree in a related field (Security, Forensics, Cyber Security, or Computer Science is preferred) or equivalent industry related experience. At least 2 years' experience working within an information security / cyber security role Desirable Proven experience as a security analyst, incident handler/responder, security engineer, or penetration tester. Knowledge of security methodologies, processes (i.e., Cyber Kill Chain/Diamond Models, and the MITRE ATT&CK/D3FEND framework). Knowledge of technical security solutions (such as but not limited to firewalls, SIEM, NIDS/NIPS/HIDS/HIPS, EDR, DLP, SOAR, proxies, network behavioural analytics, orchestration, automation and cloud security). Deep knowledge of TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS and HTTP Protocols, network analysis, and network/security applications and email security. Good knowledge of common malware threats and attack methodologies. Basic knowledge of scripting languages and programming languages (PowerShell, Python, Bash, .NET, Ruby,Java, C, etc.) Desirable Professional Certifications: GCIA, GCIH, GCFE, GCFA, Security+, CCNA CyberOps, OSCP, GPEN, GWAPT, CEH, CySA+ Core Competencies Accountable for the successful completion of multiple, individual projects simultaneously. Communicate effectively by contributing significantly to the development and delivery of a variety of written and visual documents for diverse audiences. Manage change and demonstrate adaptability by adjusting priorities or processes and approaching as needs dictate. Work independently as a team representative of Information Security as well as showing excellence teamwork skills. 
Ability to develop thorough documentation and operational playbooks and, in addition, to suggest alert enhancements to improve detection capability. Fundamental knowledge of network and system technologies and practices Desire for continual learning of new technologies and developing knowledge / skills We Offer 28 days annual leave plus 10 NI national holidays Pension matched up to 7% Private health insurance for medical and dental Life Insurance Great work/life balance and flexible working hours Monthly catered lunches Unlimited drinks and snacks Charitable matching gift program EEO Statement Apex Fintech Solutions is an equal opportunity employer that does not discriminate on the basis of race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, veteran status, marital status, or any other protected characteristic. Our hiring practices ensure that all qualified applicants receive fair consideration without regard to these characteristics. Disability Statement Apex Fintech Solutions is committed to creating an inclusive and accessible workplace for all candidates, including those with disabilities. We are dedicated to ensuring equal employment opportunities and providing reasonable accommodations to qualified individuals with disabilities. If you require reasonable accommodations to participate in the application or interview process, please submit your request via Candidate Accommodation Requests Form. We will work with you to provide the necessary accommodations to ensure your full participation in our hiring process.
Location This role offers flexibility to work remotely from your own home, or as a hybrid arrangement and work from our offices in Oxford or Glasgow, if preferred. There is also a requirement for flexibility from employees to visit client sites across the UK as part of this role. Why join Dionach by Nomios? Since being acquired by Nomios in late 2024, Dionach by Nomios has continued its dynamic growth as a leading information security company. Specializing in penetration testing and information assurance services, we offer an incredible opportunity to be part of an experienced team, build your skills, and grow professionally. Dionach by Nomios holds impressive certifications, including CREST, CHECK, PCI QSA, and ISO 27001. With our focus on enhancing customers' security and fostering team development, you'll be joining a company that prioritizes both your growth and the safety of our clients. Dionach is also proud to be Great Place To Work Certified, a recognition based entirely on feedback from our team. We're committed to creating an environment where people feel supported, valued and able to grow. Learn more about our certification here: Working at Dionach Great Place to Work UK. We're in an exciting phase of expansion and are looking for self-motivated individuals ready to thrive in a fun, flexible environment. At Dionach by Nomios, your contributions will have a genuine impact on the business, and you'll find opportunities for both interesting work and career development. Benefits Our employees are the heart of our business. We value our employees and invest in their growth and well-being. Here's what we offer: Hybrid Working: Flexibility to work remotely or use our UK offices around client visits. Professional Growth: Access to training labs, certification sponsorship, and time for skill development. Well-being Focus: Private health insurance, eye care plan, income protection, EAP scheme, and well-being platform. 
Our Commitment to Diversity and Inclusion At Dionach by Nomios, we believe that diversity fuels innovation. We're dedicated to creating an inclusive workplace where everyone feels valued and respected. We welcome applications from all backgrounds, perspectives, and experiences, and we're committed to being an equal opportunity employer. We do not discriminate based on race, religion, gender, age, disability, or any other legally protected status. We encourage candidates from underrepresented groups to apply and are committed to providing a supportive and accessible environment for all our employees. If you require accommodations during the application process, let us know, and we'll work to meet your needs. The salary band advertised for this role is £40,000 to £65,000 per annum, depending on experience. What You'll Do Conduct penetration tests across various environments, including web applications, APIs, Cloud, and network infrastructure. Issue detailed reports outlining findings, risks, and recommendations for remediation. Translate complex technical findings into actionable insights for both technical and non-technical audiences. Stay updated with the latest security trends, tools, and techniques. Participate in research and development projects. Focus on your development by attaining industry recognised certifications. Be available for occasional on-call duties and on-site client engagements, as needed. What We're Looking For Certifications: Relevant certifications such as CREST CRT, CREST CCT, OSCP, OSWE, OSCE, or equivalent level. Experience: At least two years in penetration testing, covering network, web, and internal tests and customer engagements. Tools: Proficiency with tools like Burpsuite Pro, Nessus, and other industry standards. Communication: Strong verbal and written skills for stakeholder management, collaboration and report writing. Independence: Ability to work solo or as part of a team on penetration tests. 
Eligibility: Right to work in the UK and eligibility for security clearance. Key Attributes Analytical thinker with a proactive, detail oriented approach. Excellent verbal and written communication skills, capable of engaging with technical and non-technical stakeholders. Ability to work effectively under pressure and adapt to rapidly changing threat landscapes. Commitment to maintaining the highest ethical and professional standards. Are you an experienced penetration tester looking to further improve your skills and take on more responsibilities? If so, this opportunity is perfect for you! We look forward to receiving your applications!
05/05/2026
Full time
At Engine by Starling, we are on a mission to find and work with leading banks all around the world who have the ambition to build rapid growth businesses, on our technology. Engine is Starling's software-as-a-service (SaaS) business, the technology that was built to power Starling Bank, and a year ago we split out as a separate business. Starling Bank has seen exceptional growth and success, and a large part of that is down to the fact that we have built our own modern technology from the ground up. This SaaS technology platform is now available to banks and financial institutions all around the world, enabling them to benefit from the innovative digital features, and efficient back-office processes that have helped achieve Starling's success. Hybrid Working We have a Hybrid approach to working here at Engine - our preference is that you're located within a commutable distance of one of our offices so that we're able to interact and collaborate in person. About the Role We are looking for an experienced Penetration Tester who can bridge the gap between deep technical exploitation and real-world business risk. This isn't just about running scanners and handing over a PDF; it's about adversarial empathy, understanding how our systems and services work so you can show us how they may be compromised. While you will sit within the Information Security team, you won't be siloed; you will be "dropped in" to test across various business domains, working side-by-side with Infrastructure Engineers and Software Developers and in collaboration with all parts of the Information Security Team. Your approach is to move beyond finding 'bugs' to helping out teams build inherently resilient systems. As an early member of our internal Pentesting capability, you won't just follow a manual, you will help write it. A key aspect of this role involves: Collaborating with your peers to design a continuous testing framework that evolves with our tech stack. 
Sharing knowledge with the wider technical faculty to elevate our collective security posture. Additionally, we understand the importance of knowledge and expertise remaining current and you shall support the continued advancement of our penetration testing through research, design and implementation of new solutions, including automation. Responsibilities End-to-End Assessments: Conducting penetration tests on our core banking platform, focusing on Cloud and Application Security. Code Review: Performing manual secure code reviews to identify logic flaws and security anti-patterns. Threat Modelling: Participate in sessions with different teams to identify design flaws before code is written. Risk Contextualisation: Contextualising technical vulnerabilities into "Real-World Risk" scenarios to demonstrate business impact to non-technical executives and within Engine's risk management framework. Cloud Security: Collaborating with Infrastructure teams to audit and secure cloud configurations. Autonomous Execution: Acting as an independent operator within the team, managing your own testing scope and timelines across different business domains. Remediation: Providing clear, actionable remediation advice that balances security requirements with engineering velocity. Strategic Reporting: Translate complex technical exploits into actionable business risk summaries for non-technical stakeholders and executive leadership. Requirements We're open-minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications. Technical Skills Ideally, we would like: Experience: 5+ years' experience in penetration testing with a focus on cloud native infrastructure, web applications, APIs. Tooling: Expert-level proficiency with industry-standard tools and the ability to "go manual" when scanners fail. Cloud Native: Experience with Cloud Security (AWS/GCP), specifically AWS/EKS. 
Code Fluency: Ability to conduct code reviews in multiple languages, primarily Java and Go. Mobile: Experience testing Mobile Applications (iOS and Android). SDLC: You have a working understanding of how software is architected, built and deployed. Scripting: You have the ability to write your own scripts and tooling to aid in pentesting and improve efficiency. Golang, Python etc. Soft Skills Communication: Exceptional written and spoken communication skills: the ability to communicate complex technical issues to engineers and business risk to executives. Proactivity: A self-starting nature. You don't wait for a ticket to find a vulnerability. Got downtime? You're digging into codebases, closing off retesting items and generally getting it done. Independence: Ability to work independently while remaining a collaborative partner to the wider engineering team. Adaptability: Engine is evolving. You are able to evolve and develop as our requirements shift over time. Nice to have Infrastructure as Code (IaC): Experience auditing Terraform or CloudFormation templates. DevSecOps: Familiarity with integrating security tooling (DAST/SAST) into CI/CD pipelines. 25 days holiday (plus take your public holiday allowance whenever works best for you) An extra day's holiday for your birthday Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off 16 hours paid volunteering time a year Salary sacrifice, company enhanced pension scheme Life insurance at 4x your salary & group income protection Private Medical Insurance with VitalityHealth including mental health support and cancer care. 
Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton Generous family-friendly policies Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing About Us You may be put off applying for a role because you don't tick every box. Forget that! While we can't accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren't sure if you're 100% there yet, get in touch anyway. We're on a mission to radically reshape banking - and that starts with our brilliant team. Whatever came before, we're proud to bring together people of all backgrounds and experiences who love working together to solve problems. Starling is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law. When you provide us with this information, you are doing so at your own consent, with full knowledge that we will process this personal data in accordance with our Privacy Notice. By submitting your application, you agree that Starling Bank will collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we will process, where we will process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.
03/05/2026
Full time
About the Role As an experienced Penetration Tester at Starling, you'll be joining an established team, working with talented cyber security professionals to ensure our services are designed, developed and operated securely. This is a collaborative role - you'll directly interact with multiple areas of the business to understand requirements, conduct research, perform security testing, and report issues aligned to our risk framework. Being an internal tester, you'll gain a strong understanding of how technology works at Starling to enable in-depth testing. You'll also support remediation processes, seeing your findings lead to tangible security improvements. We understand the importance of knowledge and expertise remaining current, so we'll actively support your advancement through research and training. In turn, you'll help us continuously improve our processes, methodologies and tools to maintain the highest standard of testing. Responsibilities Scoping and performing mobile, web application, cloud and infrastructure penetration tests. Collaborating with engineering teams to facilitate secure development, including: Reviewing and analysing proposed technical solutions to identify appropriate security controls. Conducting code reviews of features and critical security components. Performing in-depth practical security testing. Advising on the remediation of security issues and identifying solutions to address root causes. Automating security testing and developing internal tooling to achieve continuous assurance. Identifying and implementing improvements to the team's internal processes and procedures. Mentoring less experienced team members, leading by example in technical assessments, and promoting a collaborative approach to security across Starling. Requirements We're open minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications. 
Ideally, we would like: 5+ years technical information security experience. Experience in mobile, web application, cloud and infrastructure penetration testing. Technical knowledge - we don't expect mastery of every area, but are looking for a good foundation in the following domains: Mobile security (iOS and Android) Web application security Networking and associated protocols Cloud security (AWS and GCP) Containers and Kubernetes A desire to learn, and the ability to apply technical security knowledge to new and unfamiliar areas. Penetration testing qualifications (e.g. CREST Certified Tester, OSCP) or equivalent industry experience. Experience performing code reviews or code-assisted testing, particularly in Java and Go. Experience in automation of security testing (e.g. using Python or Go). Excellent verbal and written communication skills. Benefits 25 days holiday (plus take your public holiday allowance whenever works best for you) An extra day's holiday for your birthday Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off 16 hours paid volunteering time a year Salary sacrifice, company enhanced pension scheme Life insurance at 4x your salary & group income protection Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton Generous family-friendly policies Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing Equal Opportunity Starling is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. 
Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.
03/05/2026
Full time