7 jobs found

Senior Penetration Tester Location: Fully Remote (UK-Based) Salary Range: £50,000 - £85,000 (dependent on experience) Position: Permanent, Full-Time My client is a dynamic and growing cybersecurity consultancy dedicated to providing top-tier security services to a diverse range of clients. They believe in empowering the team with the flexibility of remote work while tackling challenging and engaging projects that make a real difference to their clients' security posture. The Role We are seeking a highly skilled and motivated Senior Penetration Tester to join our remote team. You will be responsible for leading and executing complex penetration tests against a variety of systems, networks, and applications. The ideal candidate is not just a proficient tester but a critical thinker who can articulate risks clearly and provide pragmatic remediation advice to clients. Key Responsibilities Plan, lead, and execute sophisticated penetration tests across infrastructure, web applications, APIs, and internal networks. Conduct advanced Red Team exercises to simulate real-world adversary attacks and test organisational defences. Produce high-quality, clear, and concise reports for both technical and executive audiences, detailing findings, risks, and actionable remediation strategies. Mentor and provide guidance to junior members of the team, promoting best practices and knowledge sharing. Collaborate with clients to scope engagements, present findings, and provide expert advice on mitigating identified vulnerabilities. Stay abreast of the latest security vulnerabilities, attack vectors, tools, and methodologies. Contribute to the continuous improvement of our testing methodologies and service offerings. Essential Skills & Qualifications Must hold active CREST Certified Tester (CRT) certification. (Non-negotiable) Proven commercial experience in a penetration testing role. Deep technical knowledge of networking protocols, operating systems (Windows, Linux), and common infrastructure vulnerabilities. Strong experience in web application penetration testing (OWASP Top 10). Proficiency with common penetration testing tools (e.g., Burp Suite Pro, Metasploit, Nmap, Cobalt Strike, etc.). Excellent written and verbal communication skills, with a proven ability to write detailed technical reports. A proactive and self-motivated attitude, capable of working effectively in a fully remote environment. Desirable Skills & Qualifications Experience with or knowledge of implementing Cyber Essentials and Cyber Essentials Plus schemes is highly desirable. Additional certifications such as: CREST Certified Simulated Attack Specialist (CCSAS) / Certified Simulated Attack Manager (CCSAM) Offensive Security Certified Professional (OSCP) Certified Information Systems Security Professional (CISSP) SANS GIAC Penetration Tester (GPEN) or Web Application Penetration Tester (GWAPT) Experience in mobile application (iOS/Android) testing, cloud security (AWS/Azure/GCP), or social engineering. Experience scripting in Python, PowerShell, or Bash to develop custom tools or exploits. What We Offer A competitive salary of £50,000 - £85,000 . Fully remote working - work from anywhere in the UK. A supportive and collaborative culture with a strong focus on professional development.

Explore AI/ML solutions to tough physics problems in the Defence domain This research team is looking for an experienced engineer or post-doctoral scientist to help them explore the use of modern ML techniques for solving problems across defence related domains such as RF, edge AI and AI security. They work collaboratively within their team as well as with other teams working on similar problems spread across the country. Their work is highly experimental, and it is understood that not all projects succeed, even failed projects contain valuable insights. You will be building upon cutting-edge ML techniques such as transformers and reinforcement learning to create novel multi-modal solutions. Examples include sensor fusion systems, physics-informed neural networks for simulations, and multi-purpose autonomous robots. Projects will be defence focused but may include offensive capabilities. Please note, as projects are defence related, you will need to qualify for UK security clearance to be considered for this role. Requirements: PhD or equivalent professional experience in a field that demonstrates significant understanding of both computer science and advanced statistical or numerical methods Practical experience applying ML techniques to solve real-world problems Knowledgeable in conducting and publishing (as first author) high-quality research for academic journals Team leadership experience While not required, both a good understanding of RF physics and previous involvement in defence related research projects would be highly beneficial. This team has an academic and welcoming work environment where ideas are judged on merit and good work rewarded fairly. Due to the research heavy nature of projects, the team can often work from home and be in the office as little as one day each week. The office itself is located in central London very close to major public transport links making it an easy commute from either within London or the surrounding area. Initially this is an 18-month contract with the expectation of extending this as more funding is released. Another top job from ECM, the high-tech recruitment experts. Even if this job's not quite right, do contact us now - we may well have the ideal job for you. To discuss your requirements call ecm or email your CV. We will always ask before forwarding your CV. Please apply (quoting ref: CV27404 ) only if you are eligible to live and work in the UK. By submitting your details you certify that the information you provide is accurate.

ob Title: Cyber Security Analyst - DV Location: Fully remote Contract Duration : Until Feb 2026 (ad-hoc days as and when needed. Around 10 days/month) Daily Rate: 730.40/day (Umbrella - Maximum) IR35 Status : Inside IR35 Security Clearance: DV Minimum Requirement: Have experience with dealing with real world threats in the serious and organised crime or cyber threat incidents. Have experience in analysing malware behaviour and an ability to identify associated infrastructure. Have an excellent understanding of how cyber threat attackers build and use infrastructure to undertake malicious activity Essential Qualifications: CompTIA Cybersecurity Analyst (CySA+) or a similar certification GIAC Cyber Threat Intelligence (GCTI) or a similar certification GIAC Reverse Engineering Malware (GREM) or a similar certification Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) or a similar certification Any mix of 2 of the above qualifications The Role: The purpose of this project is to understand how 'real world' regulation, and foundational technologies of cyberspace can inadvertently facilitate or be exploited for criminal activity. This work will help inform more effective responses by government, law enforcement and developers alike to combat cybercrime. Researching malicious Internet infrastructure is a highly specialised field that blends cybersecurity, threat intelligence, and network analysis. A specialist in this area should possess a combination of technical skills, analytical capabilities, and practical experience. The key objective is to derive new insights into the different types of malicious infrastructure which are being used by cybercriminals to identify opportunities to use the insights into malicious infrastructure to inform cybercrime policy and countermeasures including an assessment of risks and issues. The role will also require excellent stakeholder management skills to contact and engage with key organisations, individuals and maybe academia. Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website. Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job. Damia Group is acting as an Employment Business in relation to this vacancy and in accordance to Conduct Regulations 2003.

Solutions Architect - Technology Joining Capco means joining an organisation that is committed to an inclusive working environment where you're encouraged to  Be Yourself At Work. We celebrate individuality and recognize that diversity and inclusion, in all forms, is critical to success. It's important to us that we recruit and develop as diverse a range of talent as we can and we believe that everyone brings something different to the table - so we'd love to know what makes you different. Such differences may mean we need to make changes to our process to allow you the best possible platform to succeed, and we are happy to cater to any reasonable adjustments you may require. You will find the section to let us know of these at the bottom of your application form or you can mention it directly to your recruiter at any stage and they will be happy to help. ABOUT CAPCO Capco is a global technology and business consultancy, focused on the financial services sector. We are passionate about helping our clients succeed in an ever-changing industry. We are/have: Experts in banking and payments, capital markets and wealth and asset management Deep knowledge in financial services offering, including eg Finance, Risk and Compliance, Financial Crime, Core Banking etc. Committed to growing our business and hiring the best talent to help us get there Focused on maintaining our nimble, agile and entrepreneurial culture ROLE DESCRIPTION What's this all about? Capco are looking for a Solution Architect to help our clients solve a range of complex problems. We help clients design exceptional customer experiences and products, we also help them look hard at getting the best out of new technology and integrating it into their existing organisations. Our solution architects are pivotal team members, helping turn great ideas into actionable solutions using a range of business and technology capabilities. This is a role for you if you are looking for an outcome-oriented role, as part of a creative and dynamic team helping financial services clients make sense of the choices they face in the digital business environment. Who are Capco Architects? We are a team of people who are curious and willing to never stop learning. We have a passion for new technologies and understand how they can help deal with today's business challenges. We have confidence in our ideas but we are modest about how we conduct ourselves. We have a proactive, innovative and flexible working style with a teaching mindset; coaching our junior architects through their work. Skills & experience Customer centricity - the ability to empathise with customers and an affinity to create solutions designed to deliver a great customer experience Knowledge of a range of architectural skills which could include modern solution design, Target operating models, Solution Estimation and Planning or Architecture Governance (ideally in an Agile context) Familiarity with cybersecurity, security architecture or closely related topics like identity and access management, or offensive security engineering An understanding of the end to end technology delivery life cycle, with exposure to working in agile alongside product, engineering and software delivery professionals, preferably within banking or finance. Desirable but not mandatory: Product Implementation Experience (Preferably in Financial Services: Capital Markets, Wealth Management or Banking & Payments; or in industries with similar Legacy and innovation challenges eg Telecoms) WHY JOIN CAPCO? Because you are curious, because you want to know what is going on inside engaging projects with some of the largest banks in the world and because you want to work on projects that transform the financial services industry. We offer: A work culture focused on innovation and creating lasting value for our clients and employees Ongoing learning opportunities to help you acquire new skills or deepen existing expertise A flat, non-hierarchical structure that will enable you to work with senior partners and directly with clients A diverse, inclusive, meritocratic cultureTop of Form Enhanced and competitive family friendly benefits, including maternity/adoption/shared parental leave and paid leave for sickness, pregnancy loss, fertility treatment, menopause and bereavement

Job Profile Summary ROLE SYNOPSIS BP is seeking an Azure Security Solutions specialist to plan, execute and continuously improve its cloud security posture. A successful candidate will have a deep understanding on Azure services and how to develop and enforce security controls. The candidate will be hands on in designing and prototyping solutions to enhance the security posture and provide guidance to the engineering team on an on-going basis. Job Advert KEY ACCOUNTABILITIES - Develop/Deploy/Support Application & Infrastructure security checks and guardrails throughout the lifecycle across IaaS, PaaS, SaaS and container platforms. - Work as part of a fast paced Security Engineering team. - Threat modelling and a risk based approach to deploying security controls. - Design and implement automated technology solutions to assess, monitor, and enforce security requirements in Azure environments - Administration and management of cloud security tools and third-party Security as a Service solutions - Ensure end to end effectiveness of cyber security controls - Proactive monitoring of the security posture to ensure solutions are developed to operate at scale. - Conduct security assessments and articulate identified security issues/vulnerabilities to technical and non-technical audience - Identify, research, and validate security alerts and recommendations - Work closely with the defensive teams to identify gaps, address findings, and improve breach response in the Azure environments - Provide security consulting services to new projects and improving the posture of existing services. - Drive the standardisation of design artifacts and provide guidance to the engineering team. - Participate in all Agile ceremonies to create user stories and to assist in developing Sprints and Releases ESSENTIAL EDUCATION: Microsoft Certification in Az-900, Az-303 and Az-304 ESSENTIAL EXPERIENCE AND JOB REQUIREMENTS: - Demonstrable previous security experience with strong experience with Azure - Offensive Security-oriented mindset (threat-modelling, vulnerability assessments, pen testing, etc.) - Experience with automation tooling - Experience using Azure DevOps/ VSTS - Experience with Security Centre, Key Vault, Application Gateway, Network Security Groups, Azure Information Protection, Azure AD - Knowledge of Cloud security fundamentals or Cyber threats as they relate to Cloud - Deep understanding of CI/CD pipelines - Ability to learn to new concept and technologies quickly DESIRABLE CRITERIA - Experience with architecting complex solutions using native Azure technologies AT BP, WE PROVIDE THE FOLLOWING ENVIRONMENT & BENEFITS: - A company culture where we respect our diverse teams and are proud of our achievements - Possibility to join social communities and networks - Learning and development opportunities to craft your career path - Life & health insurance, medical care package - And many others benefits! We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Apply now if this excites you. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. #bpInformationSecurity #LI-AW3 Entity Innovation & Engineering Job Family Group IT&S Group Relocation available No Travel required Negligible travel Time Type Full time Country United Kingdom About BP INNOVATION & ENGINEERING Join us in creating, growing, and delivering innovation at pace, enabling us to thrive while transitioning to a net zero ‎world. All without compromising our operational risk management. Working with us, you can do this by: • deploying our integrated capability and standards in service of our net zero and ‎safety ambitions • driving our digital transformation and pioneering new business models • collaborating to deliver competitive customer-focused energy solutions • originating, scaling and commercialising innovative ideas, and creating ground-breaking new ‎businesses from them • protecting us by assuring management of our greatest physical and digital risks Because together we are: • Originators, builders, guardians and disruptors • Engineers, technologists, scientists and entrepreneurs‎ • Empathetic, curious, creative and inclusive

Senior Security Test Engineer £565 pay per day (Inside IR35) 6 month initial contract Job Description: Our client is a leader in providing cutting-edge Technology to the Telco industry and they are looking for a Security Test Engineer to join their tech team. Skills: - Have technical knowledge and hands-on experience with IT/information security/cyber security/Network Security standards and frameworks such as ISO27001, NIST CSF and GITC - Perform Impact assessment of new change requests and whether they will incur security testing to be implemented - subsequently create test scripts, mapping to requirements in ALM, test and raise defects in ALM where it necessitates and run regression test packs. This will include internal, external, and emergency CR's - Good experience in Application & Infrastructure Security Testing including Static Application Secuirty Testing, Dynamic Application Security Testing, Interactive Application Secuirty Testing, Maritime Asset Security And Training, Run Time Application Secuirty Testing and Security Compliance Activities - Good understanding of OWASP and other penetration testing methodologies. Good knowledge on analysing & reviewing the Pen Test Results - Experience of security testing toolsets eg MicroFocus Fortify SCA (Static Analysis) WebInspect (Dynamic Vulnerability), App Defender, Black Duck, Sonatype (opensource), Qualys (DAST) and TripWire (IP360) - Experience in Security QA Testing (compliance controls, Threat Management, Security Architecture Assessment, Cloud 3rd Party Risk Assessment, Vulnerability Mgt.) - Source code review experience. - Experience in using HP ALM, Jira - Needs exposure on Professional security test tools like to perform testing on systems processing personal data which are within scope of GDPR - Experience on Security Incident Event Management (ArcSight & Splunk) - Track record of developing test security scripts, detailed test planning and test delivery of complex requirements involving multiple applications and platforms - Representation of security testing to internal and external Telefónica meetings. - Alignment of the security test strategy document and keeping up to date Role: - Identify new security threats by conducting continual monitoring, vulnerability assessments and log analysis - Strong analytical skills with a proven track record of requirements mapping and traceability - Exposure to testing in rigorous security regimes/design - Create technical and managerial level reports and risk assessments for Cloud based applications and infrastructure - Interface and collaborate with multiple groups and/or managerial staff to eloquently describe and implement security solutions - Expert knowledge of Cloud infrastructure, security architectures, and standards - Able to demonstrate clear understanding of current threats to Cloud infrastructure/IT infrastructures/Network Infrastructure at technical and managerial levels - Strong technical writing and verbal communication skills required - Knowledge of web security concepts covering network through application layers - Good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS etc... - Good understanding of hardware load-balancing, Firewalls, multi-tiered architectures. - Knowledge of AWS services and security controls. - Proven industry experience in application and infrastructure security testing Responsiblities - Define the security test approach for the project in conjunction with the Project Managers, Programme Test Manager and other parties involved in testing - Derive Impact assessment - Ensure that all relevant and impacted parties have been engaged - Meet with the project/business to document which security test activities are being performed during identified SMIP test phases and which test objectives the business accepts as risks - Ensure test activities are identified to mitigate all test risks. - Act as the main point of contact regarding security test issues for the SMIP - Attend project meetings as required and regularly track the progress of all security test activities - Regularly review and update RAID (Risk, Assumptions, Issues, Dependencies) and the scope of security testing (test objectives) - Issue the test completion reports to timescale - Escalate project test issues to the programme test manager and project managers - Communicate and maintain relationships with the impacted business, operational and technical teams (internal and external) throughout the delivery of project test phases - Ensure deliverables are agreed with external partners and that end delivery meets specification and contractual obligations - Ensure all test results are clearly communicated to the relevant development teams - Ensure the appropriate use of tools, metrics, and processes are applied to achieve security test objectives and targets - Provide direction and support to programme/project managers on all aspects of security testing - Ensure testing issues and defects are escalated in a timely manner to the Project Managers and the SM Programme Test Manager - Log all defects raised during QA, and track them until resolution in collaboration with the Defect test manager - Encourage continuous quality improvement through Root Cause and another Metrics Analysis area - Act as a leader and industry expert in your subject area - Keep at the forefront of research on relevant areas including methodologies, specific technologies, and the digital media marketplace - Identify best practice and recommend how to implement it - Oversee the sharing and embedding of good practice - Contribute to the identification of current and target skill levels Tooling - SIEM - ArcSight, Splunk - Application Security - SAST and DAST - Vulnerability Management- Tripwire IP360 - API Testing tools - SOAP UI - Good experience in identifying the server generated values. - Operating Systems; Unix (Linux and/or Solaris), Windows - Database - Microsoft SQL Server, Oracle RDBMS Desirable: - Certifications in Offensive Security, GIAC, ISECOM, (ISC)2, EC-Council (CEH), OSCP/OSCE, CISA, CEH - Defect Management (ideally using HP ALM) - Proactive, takes action and seeks opportunities. - Excellent communication, reporting & presentation skills. - Familiar with corporate, industry and professional standards. - ISEB Foundation Certificate in Software Testing

What do we do? We are an autonomous and independently audited cyber security evaluation centre, conducting security research into the safety and security of various products and services used inside of the UK such as smartphones to core networks in fibre broadband and 2G, 3G and 4G networks. Due to the secure nature of our client’s project, the successful candidate must either hold valid or be willing to undergo DV Clearance prior to the commencement of the project. We’re conducting world leading security capabilities as well as using deep dive investigative techniques and elite vulnerability research. We don’t just run Nessus, if there isn’t a tool for what we want to test, we build one. What do we need? Above all else we’d like to speak with passionate and proactive offensive security professionals with a strong low level, ground up knowledge. We’re not just running tick box exercises, that’s why you’ll need to know the fundamentals. You’ll be the sort of person that is fascinated by pulling things apart and breaking them; who comes across something a bit odd and can’t help but investigate it further. In terms of technical experience, you’ll need to be familiar with: * Reverse Engineering * Exploit Development * Using and/or creating bespoke tools * Embedded Systems * Networking * Internet Protocol * Static & Dynamic Analysis * Bonus points for… * Programming (Object oriented languages and/or assembly a bonus) * Degree in Computer Science, Electrical Engineering, Robotics or similar What’s in it for me? You’ll get to literally throw everything at projects and investigate in ways that are not common place in other security teams. You’ll be dealing with bugs that could potentially effect the nation so you’ll be doing innovative vulnerability research in a fun and collaborative environment, using cutting edge technologies. You’ll get to work with some of the most talented cyber security professionals in the country and benefit from their knowledge. You’ll be encouraged to cross skill and be free to take on personal research and personal development in the 20% of time we allocate. You’ll have access to an individual personal training budget and have plenty of opportunity to grow because we actively promote professional development. If you’d like to discuss the role in more detail you can contact our recruitment partner Outsource UK for more information. Contact Shirin Fahri on (Apply online only) or email (url removed). Alternatively, to skip this and meet us, contact us for details on our security event in Leamington on 25th October and receive our attendee challenge to get a ticket! Shirin Fahri (Apply online only) (url removed) Please visit our website (url removed)