Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

42 jobs found

Penetration Tester - Engine by Starling
Starling Bank
Description

At Engine by Starling, we are on a mission to find and work with leading banks all around the world who have the ambition to build rapid growth businesses, on our technology. Engine is Starling's software-as-a-service (SaaS) business, the technology that was built to power Starling Bank, and a year ago we split out as a separate business. Starling Bank has seen exceptional growth and success, and a large part of that is down to the fact that we have built our own modern technology from the ground up. This SaaS technology platform is now available to banks and financial institutions all around the world, enabling them to benefit from the innovative digital features, and efficient back-office processes that have helped achieve Starling's success. As a company, everyone is expected to roll up their sleeves to help deliver great outcomes for our clients. We are an engineering led company and we're looking for someone who will be excited by the potential for Engine's technology to transform banking in different markets around the world.

Hybrid Working

We have a Hybrid approach to working here at Engine - our preference is that you're located within a commutable distance of one of our offices so that we're able to interact and collaborate in person.

About the Role

We are looking for an experienced Penetration Tester who can bridge the gap between deep technical exploitation and real-world business risk. This isn't just about running scanners and handing over a PDF; it's about adversarial empathy, understanding how our systems and services work so you can show us how they may be compromised. While you will sit within the Information Security team, you won't be siloed; you will be "dropped in" to test across various business domains, working side-by-side with Infrastructure Engineers and Software Developers and in collaboration with all parts of the Information Security Team. Your approach is to move beyond finding 'bugs' to helping out teams build inherently resilient systems. As an early member of our internal Pentesting capability, you won't just follow a manual, you will help write it.

A key aspect of this role involves:
  • Collaborating with your peers to design a continuous testing framework that evolves with our tech stack.
  • Sharing knowledge with the wider technical faculty to elevate our collective security posture.

Additionally, we understand the importance of knowledge and expertise remaining current and you shall support the continued advancement of our penetration testing through research, design and implementation of new solutions, including automation.

Responsibilities:
  • End-to-End Assessments: Conducting penetration tests on our core banking platform, focusing on Cloud and Application Security.
  • Code Review: Performing manual secure code reviews to identify logic flaws and security anti-patterns.
  • Threat Modelling: Participate in sessions with different teams to identify design flaws before code is written.
  • Risk Contextualisation: Contextualising technical vulnerabilities into "Real-World Risk" scenarios to demonstrate business impact to non-technical executives and within Engine's risk management framework.
  • Cloud Security: Collaborating with Infrastructure teams to audit and secure cloud configurations.
  • Autonomous Execution: Acting as an independent operator within the team, managing your own testing scope and timelines across different business domains.
  • Remediation: Providing clear, actionable remediation advice that balances security requirements with engineering velocity.
  • Strategic Reporting: Translate complex technical exploits into actionable business risk summaries for non-technical stakeholders and executive leadership.

Requirements

We're open-minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications.

Technical Skills

Ideally, we would like:
  • Experience: 5+ years experience in penetration testing with a focus on cloud native infrastructure, web applications, APIs.
  • Tooling: Expert-level proficiency with industry-standard tools and the ability to "go manual" when scanners fail.
  • Cloud Native: Experience with Cloud Security, (AWS/GCP) specifically AWS/EKS.
  • Code Fluency: Ability to conduct code reviews in multiple languages, primarily Java and Go.
  • Mobile: Experience testing Mobile Applications (iOS and Android).
  • Design Review: Proven experience in Threat Modelling.
  • SDLC: You have a working understanding of how software is architected, built and deployed.
  • Scripting: You have the ability to write your own scripts and tooling to aid in pentesting and improve efficiency. Golang, Python etc.

Soft Skills
  • Communication: Exceptional written and spoken communication skills: the ability to communicate complex technical issues to engineers and business risk to executives.
  • Proactivity: A self-starting nature. You don't wait for a ticket to find a vulnerability. Got downtime? You're digging into codebases, closing off retesting items and generally getting it done.
  • Independence: Ability to work independently while remaining a collaborative partner to the wider engineering team.
  • Adaptability: Engine is evolving. You are able to evolve and develop as our requirements shift over time.

Certifications: Relevant industry certifications (OSCP, OSWE, CCT-APP, CCT-INF etc.) or relevant demonstrable experience.

Nice to have:
  • Infrastructure as Code (IaC): Experience auditing Terraform or CloudFormation templates.
  • DevSecOps: Familiarity with integrating security tooling (DAST/SAST) into CI/CD pipelines.

Interview process

Interviewing is a two way process and we want you to have the time and opportunity to get to know us, as much as we are getting to know you! Our interviews are conversational and we want to get the best from you, so come with questions and be curious. In general you can expect the below, following a chat with one of our Talent Team:
  • 45 minutes with our BISO
  • 60 minutes technical interview with two of the team
  • 45 minutes with our CTO

Benefits

We have a Hybrid approach to working here at Starling - our preference is that you're located within a commutable distance of one of our offices so that we're able to interact and collaborate in person. In Technology, we're asking that you attend the office a minimum of 1 day per week.
  • 25 days holiday (plus take your public holiday allowance whenever works best for you)
  • An extra day's holiday for your birthday
  • Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
  • 16 hours paid volunteering time a year
  • Salary sacrifice, company enhanced pension scheme
  • Life insurance at 4x your salary & group income protection
  • Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
  • Generous family-friendly policies
  • Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
  • Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing

About Us

You may be put off applying for a role because you don't tick every box. Forget that! While we can't accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren't sure if you're 100% there yet, get in touch anyway. We're on a mission to radically reshape banking - and that starts with our brilliant team. Whatever came before, we're proud to bring together people of all backgrounds and experiences who love working together to solve problems.

Starling is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

When you provide us with this information, you are doing so at your own consent, with full knowledge that we will process this personal data in accordance with our Privacy Notice. By submitting your application, you agree that Starling Bank will collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we will process, where we will process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.
05/05/2026
Full time
Senior Penetration Tester
Starling Bank
Description

Starling is the UK's first and leading digital bank on a mission to fix banking! We built a new kind of bank because we knew technology had the power to help people save, spend and manage their money in a new and transformative way. Read more about Our Story here.

We're a fully licensed UK bank with the culture and spirit of a fast-moving, disruptive tech company. We're a bank, but better: fairer, easier to use and designed to demystify money for everyone. We employ more than 3,000 people across our London, Southampton, Cardiff and Manchester offices.

Our technologists are at the very heart of Starling and enjoy working in a fast-paced environment that is all about building things, creating new stuff, and disruptive technology that keeps us on the cutting edge of fintech. We operate a flat structure to empower you to make decisions regardless of what your primary responsibilities may be, innovation and collaboration will be at the core of everything you do. Help is never far away in our open culture, you will find support in your team and from across the business, we are in this together!

The way to thrive and shine within Starling is to be a self-driven individual and be able to take full ownership of everything around you: From building things, designing, discovering, to sharing knowledge with your colleagues and making sure all processes are efficient and productive to deliver the best possible results for our customers. Our purpose is underpinned by five Starling values: Listen, Keep It Simple, Do The Right Thing, Own It, and Aim For Greatness.

Hybrid Working

We have a Hybrid approach to working here at Starling - our preference is that you're located within a commutable distance of one of our offices so that we're able to interact and collaborate in person. In Technology, we're asking that you attend the office a minimum of 1 day per week.

About the Role

As an experienced Penetration Tester at Starling, you'll be joining an established team, working with talented cyber security professionals to ensure our services are designed, developed and operated securely. This is a collaborative role - you'll directly interact with multiple areas of the business to understand requirements, conduct research, perform security testing, and report issues aligned to our risk framework. Being an internal tester, you'll gain a strong understanding of how technology works at Starling to enable in-depth testing. You'll also support remediation processes, seeing your findings lead to tangible security improvements.

We understand the importance of knowledge and expertise remaining current, so we'll actively support your advancement through research and training. In turn, you'll help us continuously improve our processes, methodologies and tools to maintain the highest standard of testing.

Responsibilities
  • Scoping and performing mobile, web application, cloud and infrastructure penetration tests.
  • Collaborating with engineering teams to facilitate secure development, including:
  • Reviewing and analysing proposed technical solutions to identify appropriate security controls.
  • Conducting code reviews of features and critical security components.
  • Performing in-depth practical security testing.
  • Advising on the remediation of security issues and identifying solutions to address root causes.
  • Automating security testing and developing internal tooling to achieve continuous assurance.
  • Identifying and implementing improvements to the team's internal processes and procedures.
  • Mentoring less-experienced team members, leading by example in technical assessments, and promoting a collaborative approach to security across Starling.

Requirements

We're open-minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications.

Ideally, we would like:
  • 5+ years technical information security experience.
  • Experience in mobile, web application, cloud and infrastructure penetration testing.
  • Technical knowledge - we don't expect mastery of every area, but are looking for a good foundation in the following domains:
    • Mobile security (iOS and Android)
    • Web application security
    • Networking and associated protocols
    • Cloud security (AWS and GCP)
    • Containers and Kubernetes
  • A desire to learn, and the ability to apply technical security knowledge to new and unfamiliar areas.
  • Penetration testing qualifications (e.g. CREST Certified Tester, OSCP) or equivalent industry experience.
  • Experience performing code reviews or code-assisted testing, particularly in Java and Go.
  • Experience in automation of security testing (e.g. using Python or Go).
  • Excellent verbal and written communication skills.

Interview process

Interviewing is a two way process and we want you to have the time and opportunity to get to know us, as much as we are getting to know you! Our interviews are conversational and we want to get the best from you, so come with questions and be curious. In general you can expect the below, following a chat with one of our Talent Team:
  • First stage with the Penetration Testing Team Lead
  • Second stage with additional members of the Penetration Testing team
  • Final stage with Infosec Director and CISO

Benefits

We have a Hybrid approach to working here at Starling - our preference is that you're located within a commutable distance of one of our offices so that we're able to interact and collaborate in person. In Technology, we're asking that you attend the office a minimum of 1 day per week.
  • 25 days holiday (plus take your public holiday allowance whenever works best for you)
  • An extra day's holiday for your birthday
  • Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
  • 16 hours paid volunteering time a year
  • Salary sacrifice, company enhanced pension scheme
  • Life insurance at 4x your salary & group income protection
  • Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
  • Generous family-friendly policies
  • Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
  • Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing

About Us

You may be put off applying for a role because you don't tick every box. Forget that! While we can't accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren't sure if you're 100% there yet, get in touch anyway. We're on a mission to radically reshape banking - and that starts with our brilliant team. Whatever came before, we're proud to bring together people of all backgrounds and experiences who love working together to solve problems.

Starling is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

When you provide us with this information, you are doing so at your own consent, with full knowledge that we will process this personal data in accordance with our Privacy Notice. By submitting your application, you agree that Starling Bank will collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we will process, where we will process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.
05/05/2026
Full time
Penetration Tester, Vector Command, Social Engineering Specialist
Divvy Cloud Corp. City Of Westminster, London
Do you enjoy attacking networks? Do you enjoy sifting through large amounts of attack surface, crafting novel attack chains to breach a client's perimeter, gaining initial access, laterally moving, and demonstrating impact, all while evading security teams and their controls? As a penetration tester on the Global Services team at Rapid7, you will help our clients improve their security posture through your technical skills and knowledge of both offensive and defensive strategies. About the Team Vector Command is an always-on Red Team operation supporting multiple customers. As part of a specialized team, you will emulate real adversaries by performing large-scale reconnaissance, identifying exposed or high-value assets, and discovering weaknesses that can be leveraged for compromise. After gaining access, the team continues with post-compromise objectives to demonstrate real impact, evade detection, and assess the effectiveness of security controls. This service evaluates far more than vulnerabilities; it tests the customer's entire security posture and defense-in-depth strategy. In addition to offensive operations, you will support customers through external attack surface analysis, exposure reconnaissance, integration of accounts and tools, preparation of monthly Red Team reports, and prioritization of customer requests. Daily collaboration with Vector Command operators is essential, as is maintaining awareness of new vulnerabilities, shifts in customer attack surfaces, and changes across customer environments. About the Role Your primary responsibility is to deliver Rapid7's Vector Command Continuous Red Teaming service. In this role, you will design social engineering campaigns which function at scale, supporting numerous customers each month, emulating modern adversary TTPs. These campaigns focus on initial access, not click rates, and are often combined with external vulnerabilities or misconfigurations to demonstrate real-world impact.
Specifically, your focus will be to: Deploy, configure, and maintain social engineering infrastructure to perform phishing operations at scale. Perform manual and automated reconnaissance at scale to identify targets for social engineering operations each month. Leverage external network vulnerabilities reported by Vector Command team members in targeted real world social engineering attacks (incorporate subdomain takeovers, cross site scripting, etc. into campaigns). Research the latest techniques in social engineering and implement them in monthly campaigns. Research and test methods to bypass social engineering defenses such as email filters, download restrictions, multi factor authentication mechanisms, etc. Be an expert in sending phishing emails which make it to the client's inbox. Design and execute vishing campaigns. Incorporate payloads provided by the Red Team lead into phishing and vishing operations. Upon successful credential breach or payload execution, evaluate the impact and coordinate with Vector Command team members for post compromise breach simulation. Collaborate closely with a team of Red Team operators, participating in daily meetings to establish attack objectives and operational direction. Develop and maintain positive relationships with clients and understand their business and needs. Create additional value for clients through continual insights and consultative advice based on experience with the client, their industry, established standards and leading practices. The skills and qualities you'll bring include: 5+ years in an active technical security role Strong knowledge of the following: Advanced Social engineering techniques and tactics Infrastructure management and deployment (domain records, web servers, terraform, ansible, phishing website creation). Modern penetration testing tools and methods Network, wireless and web application security concepts Experience using interpreted languages (Ruby, Python, PHP, etc.) 
Knowledge of common regulatory structures and obligations and common I.T. governance. Bug Bounty experience, identifying novel vulnerabilities in arbitrary internet facing attack surfaces Certifications such as OSCP, OSCE, GXPN, OSEE, CREST Experience with Red & Purple Teams Excellent communication skills both with internal and external stakeholders Collaborative mindset, contributing to knowledge sharing and cross training Demonstrate a commitment to the "end-to-end" testing process, from the initial pre engagement planning to providing accountable support during the final remediation phase. Core Value Embodiment: Embody our core values to foster a culture of excellence that drives meaningful impact and collective success. We know that the best ideas and solutions come from multi dimensional teams. That's because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don't be shy - apply today. About Rapid7 At Rapid7, our vision is to create a secure digital world for our customers, our industry, and our communities. We do this by harnessing our collective expertise and passion to challenge what's possible and drive extraordinary impact. We're building a dynamic and collaborative workplace where new ideas are welcome. Protecting 11,000+ customers against bad actors and threats means we're continuing to push the envelope just like we've been doing for the past 20 years. If you're ready to solve some of the toughest challenges in cybersecurity, we're ready to help you take command of your career. Join us.
05/05/2026
Full time
Hybrid Penetration Tester Remote First, UK Travel
Nomios
A leading information security company in the UK is seeking an experienced penetration tester. This role involves conducting comprehensive penetration tests on various environments, including web applications and Cloud services. The ideal candidate will have at least two years of experience, relevant certifications, and strong communication skills. The position offers flexibility to work remotely or in hybrid arrangements, competitive salary ranging from £40,000 to £65,000 per annum, and a focus on professional growth and well-being.
05/05/2026
Full time
Cyber Security Consultant (UK) - Dionach by Nomios
Nomios
Location This role offers flexibility to work remotely from your own home, or as a hybrid arrangement and work from our offices in Oxford or Glasgow, if preferred. There is also a requirement for flexibility from employees to visit client sites across the UK as part of this role. Why join Dionach by Nomios? Since being acquired by Nomios in late 2024, Dionach by Nomios has continued its dynamic growth as a leading information security company. Specializing in penetration testing and information assurance services, we offer an incredible opportunity to be part of an experienced team, build your skills, and grow professionally. Dionach by Nomios holds impressive certifications, including CREST, CHECK, PCI QSA, and ISO 27001. With our focus on enhancing customers' security and fostering team development, you'll be joining a company that prioritizes both your growth and the safety of our clients. Dionach is also proud to be Great Place To Work Certified, a recognition based entirely on feedback from our team. We're committed to creating an environment where people feel supported, valued and able to grow. Learn more about our certification here: Working at Dionach Great Place to Work UK. We're in an exciting phase of expansion and are looking for self-motivated individuals ready to thrive in a fun, flexible environment. At Dionach by Nomios, your contributions will have a genuine impact on the business, and you'll find opportunities for both interesting work and career development. Benefits Our employees are the heart of our business. We value our employees and invest in their growth and well-being. Here's what we offer: Hybrid Working: Flexibility to work remotely or use our UK offices around client visits. Professional Growth: Access to training labs, certification sponsorship, and time for skill development. Well-being Focus: Private health insurance, eye care plan, income protection, EAP scheme, and well-being platform.
Our Commitment to Diversity and Inclusion At Dionach by Nomios, we believe that diversity fuels innovation. We're dedicated to creating an inclusive workplace where everyone feels valued and respected. We welcome applications from all backgrounds, perspectives, and experiences, and we're committed to being an equal opportunity employer. We do not discriminate based on race, religion, gender, age, disability, or any other legally protected status. We encourage candidates from underrepresented groups to apply and are committed to providing a supportive and accessible environment for all our employees. If you require accommodations during the application process, let us know, and we'll work to meet your needs. The salary band advertised for this role is £40,000 to £65,000 per annum, depending on experience. What You'll Do Conduct penetration tests across various environments, including web applications, APIs, Cloud, and network infrastructure. Issue detailed reports outlining findings, risks, and recommendations for remediation. Translate complex technical findings into actionable insights for both technical and non-technical audiences. Stay updated with the latest security trends, tools, and techniques. Participate in research and development projects. Focus on your development by attaining industry recognised certifications. Be available for occasional on-call duties and on-site client engagements, as needed. What We're Looking For Certifications: Relevant certifications such as CREST CRT, CREST CCT, OSCP, OSWE, OSCE, or equivalent level. Experience: At least two years in penetration testing, covering network, web, and internal tests and customer engagements. Tools: Proficiency with tools like Burpsuite Pro, Nessus, and other industry standards. Communication: Strong verbal and written skills for stakeholder management, collaboration and report writing. Independence: Ability to work solo or as part of a team on penetration tests. 
Eligibility: Right to work in the UK and eligibility for security clearance. Key Attributes Analytical thinker with a proactive, detail oriented approach. Excellent verbal and written communication skills, capable of engaging with technical and non-technical stakeholders. Ability to work effectively under pressure and adapt to rapidly changing threat landscapes. Commitment to maintaining the highest ethical and professional standards. Are you an experienced penetration tester looking to further improve your skills and take on more responsibilities? If so, this opportunity is perfect for you! We look forward to receiving your applications!
05/05/2026
Full time
VIQU IT
Senior Penetration Tester
VIQU IT Horsham, Sussex
Senior Penetration Tester Horsham Hybrid Permanent Competitive salary

VIQU has partnered with a leading organisation to recruit a Senior Penetration Tester to play a critical role in protecting business assets through the delivery of advanced offensive security services. This Senior Penetration Tester position offers the opportunity to lead complex engagements across network, application, and cloud environments while working closely with defensive teams on purple team exercises. The successful individual will combine deep technical expertise with strong stakeholder communication, helping translate business risk into actionable security improvements within a mature Cyber Defence function.

Key Responsibilities:
  • Lead the scoping, planning, and delivery of complex penetration tests across networks, applications, cloud, and emerging technologies
  • Conduct advanced offensive security assessments, identifying and exploiting vulnerabilities with clear remediation guidance
  • Collaborate with defensive teams to design and execute purple team exercises to enhance detection and response capabilities
  • Produce high-quality reports tailored to both technical and non-technical stakeholders
  • Support vulnerability validation and provide technical expertise during incident response activities
  • Mentor junior testers, promoting best practices and continuous team development
  • Peer review testing methodologies and reports to ensure quality and consistency
  • Stay current with evolving threats, tools, and techniques to improve overall security posture
  • Contribute to secure development lifecycle (SDLC) security testing practices
  • Support adherence to regulatory and industry standards including GDPR, PCI-DSS, and FCA guidance

Key Requirements:
  • Minimum 5 years experience leading penetration tests across network, web, cloud, and red/purple team engagements
  • Strong knowledge of penetration testing tools, techniques, and methodologies
  • In-depth understanding of MITRE ATT&CK framework and adversarial TTPs
  • Proven ability to identify, validate, and clearly articulate vulnerabilities and risk
  • Experience producing high-quality reports with clear remediation guidance
  • Knowledge of OWASP and application security principles
  • Experience with automated, dynamic, and static security testing tools
  • Ability to perform threat modelling and attack surface analysis
  • Experience working with or managing third-party security providers
  • Relevant certifications such as OSCP, CREST, SANS, CRTO or equivalent experience

Apply today to speak with VIQU in confidence or contact Belle Hegarty via the VIQU website. Know someone exceptional for this Senior Penetration Tester position? Refer them and receive up to £1,000 if successful (terms apply). Follow us on IT Recruitment for more exciting opportunities.

Senior Penetration Tester Horsham Hybrid Permanent Competitive salary
05/05/2026
Full time
Tombola
Product Security Engineer Sunderland, UK
Tombola
Sunderland Hybrid Permanent What this role looks like At tombola, everything we build is in house, which means security is not something we bolt on at the end, it is built in from the start. As a Product Security Engineer, you will sit right at the heart of that. You will work closely with our development teams, getting real visibility of what is being built and shaping how we keep it secure as we go. This is not a role where you are hidden away running tests in isolation. You will be collaborating, influencing, translating risk into real action, and helping teams make better security decisions every day. You will play a key part in protecting our platform, our players, and our business as we continue to grow. We're big on working together, so you'll spend around 3 days a week in our Sunderland office getting that face to face time with the team, with around 2 days working from home for a bit of focus and flexibility. What you will be doing You will be involved across three key areas of product security: External testing Working with third party partners to meet regulatory requirements and making sure we are always one step ahead. Supporting annual and quarterly security testing Choosing the right external tools and providers Turning findings into clear, actionable improvements across our platform Internal testing Taking ownership of how we proactively test and improve our security internally. Running automated and manual security testing across our sites Identifying and prioritising vulnerabilities across the platform Continuously improving our tooling to keep pace with evolving threats Secure development lifecycle (SDLC) Embedding security into how we build, not just how we test. 
Partnering with developers, product and infrastructure teams Helping prioritise and resolve vulnerabilities early in the lifecycle Supporting pre go live testing to reduce risk Building and integrating security tooling into CI/CD pipelines Empowering teams to make better security decisions from day one What we are looking for You do not need to tick every box, but this is the kind of experience that will help you thrive: A genuine interest in security and staying up to date with new threats Experience working in or alongside a security function Confidence identifying problems and figuring out the best way to solve them Understanding of security frameworks and standards such as ISO, NIST or PCI Experience working with developers or within a secure development lifecycle Awareness of common vulnerabilities such as OWASP Top Ten Familiarity with cloud platforms and modern development environments Ability to script or automate tasks where needed Experience working with third party vendors or penetration testers What will set you apart Ability to translate technical findings into something clear and actionable Confidence working with both technical and non technical stakeholders A mindset that naturally considers risk and security in everything Someone who builds strong relationships and influences teams in the right way Passion for doing things properly, not just quickly Why tombola? We are not your typical tech company. Everything we build is ours, which means you will have real ownership and real impact. You will be part of a team that genuinely cares about: Doing things the right way Supporting each other Building products we are proud of Plus we have some pretty great benefits too. At tombola we know that our differences make us stronger and that thinking differently is key to long term success. We work hard to create a culture of inclusivity where everyone can celebrate our Free to be me value.
We are committed to creating opportunities for everyone here at tombola, we welcome applications from all backgrounds and encourage individuals to apply, even if you don't meet every requirement.
03/05/2026
Full time
Senior Cyber Security Engineer
Oliver Bonas Limited
We are looking for a Senior Cyber and Systems Engineer to join Team OB in our Support Office. As a Senior Cyber and Systems Engineer at OB you will be protecting the company through strong IT security principles and implementing industry standard best practices. Working with, and being the first point of contact for, our EDR partner and SOC, you will ensure ongoing compliance with PCI DSS and adherence to its actively changing requirements. Our Support Office is based in Tolworth, near Chessington, only a 30-minute journey from London Waterloo. We offer hybrid working with a split of 3 days in the office and 2 days home working per week.

A bit about us
At Oliver Bonas (OB), our values of Work Hard, Play Hard & Be Kind are integral to everything we do. Collaboration, imagination, curiosity, and teamwork are key to our success, and everyone has their part to play in making OB a special place to work. Having fun is key, and a playful and positive approach creates an optimistic environment. We don't take ourselves too seriously, but we are serious about what we do. Our team knows their stuff. They're confident and creative and unafraid to challenge convention to find solutions, taking accountability for their actions, but always with kindness and humility.

More about the role
An OB Senior Cyber and Systems Engineer will:
  • Work with our newly deployed SOC EDR partner in ensuring the network, cloud, and Retail Estate are secured from cyber threats.
  • Analyse any security breaches and report on findings and remediations.
  • Monitor and respond to anti-ransomware protection software incidents.
  • Handle and resolve security-related tickets from the helpdesk, including but not limited to Vipre spam filter and firewall unblock requests on store and Head Office networks.
  • Monitor Netskope (Cloud Access Security Broker) for cloud usage on personal Google/Microsoft accounts. This is to ensure the company's data is secured in line with the company's GDPR guidelines.
  • Monitor and manage the three ESET antivirus consoles, ensuring they are updated regularly.
  • Work in collaboration with the IT Support team to maintain up-to-date antivirus protection when installing new machines and address any issues promptly.
  • Ensure ongoing compliance with PCI DSS standards.
  • Conduct periodic checks to assess the status of compliance throughout the year.
  • Manage the annual compliance audit.
  • Conduct quarterly vulnerability scans and remediate any failed attempts.
  • Liaise with third party penetration testers and review findings.
  • Develop and implement action plans to address any identified compliance gaps.
  • Oversee the management of digital certificates for services and applications.
  • Ensure timely renewal and update of certificates to maintain secure operations.
  • Assist in the delivery of cybersecurity training programs for end users.
  • Promote security awareness and best practices across the organization.
  • Conduct regular phishing simulations.
  • Liaise with the Data Compliance manager on any Data Subject Requests.
  • Work with the IT support team, providing support on complex or urgent incidents where required.
  • Ensure network and infrastructure reflect the company's commitment to GDPR at all times and that our customers' data is treated with utmost care and attention.
  • Liaise with the GDPR compliance group, identify security risks and take actions where needed.

Bonas Benefits:
  • Generous employee discount up to 50% off all OB products
  • Free access to our 24 hour employee assistance programme with Optima Health - offering financial, emotional and vocational support
  • Flexible holiday - 30 days (including bank holidays) - increasing to 35 days with length of service
  • Annual discretionary profit related bonus scheme
  • Free membership for our Westfield Health Cash Plan or Private Medical
  • Auto-enrolment into our pension plan
  • Free access to our onsite gym
  • Cycle to work scheme
  • Refer a Friend incentive
  • Quarterly free lunch
  • Enhanced maternity, paternity, adoption and shared parental leave
  • Equity, Diversity and Inclusivity Voice network and EDI team
  • Mental Health First Aider support
  • Education and support through 360L eLearning platform

What we look for:
  • CompTIA Network & Security+ or equivalent certifications.
  • IT experience across a range of different types of technology
  • Solid understanding of IT infrastructure and current security posture
  • Experience in complying with a PCI DSS audit and understanding its ongoing requirements.
  • Strong problem-solving skills with a proven track record
  • Background in IT support as well as cyber security.
  • Experience with Microsoft Entra Identity Protection/Conditional Access
  • Experience of WAF solutions, such as Cloudflare, is desirable.
  • Knowledge of email security protocols: DKIM/SPF/DMARC
  • Diligent, with strong attention to detail

Equity, Diversity & Inclusion at OB
At Oliver Bonas, our promise is to do our bit to make living a joyful experience and give cause for optimism. This promise is central to our work in equity, diversity and inclusion (EDI). To bring joy to others, we must first ensure everyone at OB feels valued, included and most importantly, can be themselves at work. It is important to us that our brand reflects wider society and the communities in which we operate.
As a result, we welcome all eligible applicants for this role; however, we are particularly interested in speaking to eligible candidates from the Black, Asian & Mixed Heritage communities. Oliver Bonas is a Disability Confident Committed employer under the Disability Confident employer scheme. To read more about our ED&I commitments, head over to the EDI page on our website:
03/05/2026
Full time
Lead Penetration Tester - Cloud & App Security
Manchester Digital Manchester, Lancashire
A leading financial technology company in Manchester is seeking an experienced Penetration Tester to conduct assessments on its core banking platform. The role focuses on Cloud and Application Security, requiring strong skills in penetration testing and communication. Candidates should have over 5 years of experience, knowledge of secure code reviews, and proficiency in tools like AWS. The position allows for hybrid working and offers a range of benefits including enhanced pension schemes and private medical insurance.
03/05/2026
Full time
External Network Red Team Penetration Specialist
Divvy Cloud Corp.
Divvy Cloud Corp. is looking for a skilled penetration tester to join their Global Services team. In this role, you will conduct continuous Red Team operations, delivering external network penetration testing and managing vulnerability scan dashboards. Candidates should have over 3 years of experience in technical security, Cybersecurity standards knowledge, and relevant certifications. The position emphasizes collaboration, client engagement, and providing consultative insights while maintaining a commitment to security excellence.
03/05/2026
Full time
Penetration Tester, Vector Command, Vulnerability Management & External Network
Divvy Cloud Corp.
Do you enjoy attacking networks? Do you enjoy sifting through large amounts of attack surface, crafting novel attack chains to breach a client's perimeter, gaining initial access, laterally moving, and demonstrating impact, all while evading security teams and their controls? As a penetration tester on the Global Services team at Rapid7, you will help our clients improve their security posture through your technical skills and knowledge of both offensive and defensive strategies.

About the Team
Vector Command is an always on Red Team operation supporting multiple customers. As part of a specialized team, you will emulate real adversaries by performing large scale reconnaissance, identifying exposed or high value assets, and discovering weaknesses that can be leveraged for compromise. After gaining access, the team continues with post compromise objectives to demonstrate real impact, evade detection, and assess the effectiveness of security controls. This service evaluates far more than vulnerabilities - it tests the customer's entire security posture and defense in depth strategy. In addition to offensive operations, you will support customers through external attack surface analysis, exposure reconnaissance, integration of accounts and tools, preparation of monthly Red Team reports, and prioritization of customer requests. Daily collaboration with Vector Command operators is essential, as is maintaining awareness of new vulnerabilities, shifts in customer attack surfaces, and changes across customer environments.

About the Role
Your primary responsibility is to deliver Rapid7's Vector Command Continuous Red Teaming service. In this role, you will conduct external network penetration testing and manage vulnerability scan dashboards, exploiting vulnerabilities, identifying the impact of exposures, and then searching for vulnerabilities that automated tooling may miss. The focus is on continuous perimeter testing to identify attack vectors that could lead to a breach.

Specifically, your focus will be to:
  • Manage automated vulnerability scan data across numerous customers, identifying and validating vulnerabilities which can be used to gain initial access into an organization.
  • Perform external network penetration testing activities across a large attack surface, searching for vulnerabilities and misconfigurations that automation often misses.
  • Upon successful exploitation, work with your Vector Command team to evaluate the impact through post compromise breach simulation.
  • Collaborate closely with a team of Red Team operators, participating in daily meetings to establish attack objectives and operational direction.
  • Develop and maintain positive relationships with clients and understand their business and needs.
  • Create additional value for clients through continual insights and consultative advice based on experience with the client, their industry, established standards and leading practices.

The skills and qualities you'll bring include:
  • 3+ years in an active technical security role.
  • Knowledge of Cybersecurity standards and industry best practices.
  • Bug Bounty experience, identifying novel vulnerabilities in arbitrary internet facing attack surfaces.
  • The ability to translate technical concepts and convey them to non security personnel.
  • Technical competencies, including previous technical consulting experience.
  • High quality report writing and peer reviewing.
  • Certifications such as GPEN, CPTS, OSCP, CREST.
  • Experience with Red & Purple Teams.
  • Excellent communication skills both with internal and external stakeholders.
  • Collaborative mindset, contributing to knowledge sharing and cross training.
  • Demonstrate a commitment to the "end to end" testing process, from the initial pre engagement planning to providing accountable support during the final remediation phase.
  • Core Value Embodiment: embody our core values to foster a culture of excellence that drives meaningful impact and collective success.
03/05/2026
Full time
Penetration Tester - Engine by Starling
Manchester Digital Manchester, Lancashire
At Engine by Starling, we are on a mission to find and work with leading banks all around the world who have the ambition to build rapid growth businesses, on our technology. Engine is Starling's software-as-a-service (SaaS) business, the technology that was built to power Starling Bank, and a year ago we split out as a separate business. Starling Bank has seen exceptional growth and success, and a large part of that is down to the fact that we have built our own modern technology from the ground up. This SaaS technology platform is now available to banks and financial institutions all around the world, enabling them to benefit from the innovative digital features and efficient back-office processes that have helped achieve Starling's success.

Hybrid Working
We have a Hybrid approach to working here at Engine - our preference is that you're located within a commutable distance of one of our offices so that we're able to interact and collaborate in person.

About the Role
We are looking for an experienced Penetration Tester who can bridge the gap between deep technical exploitation and real-world business risk. This isn't just about running scanners and handing over a PDF; it's about adversarial empathy, understanding how our systems and services work so you can show us how they may be compromised. While you will sit within the Information Security team, you won't be siloed; you will be "dropped in" to test across various business domains, working side-by-side with Infrastructure Engineers and Software Developers and in collaboration with all parts of the Information Security Team. Your approach is to move beyond finding 'bugs' to helping out teams build inherently resilient systems. As an early member of our internal Pentesting capability, you won't just follow a manual, you will help write it. A key aspect of this role involves:
  • Collaborating with your peers to design a continuous testing framework that evolves with our tech stack.
  • Sharing knowledge with the wider technical faculty to elevate our collective security posture.
Additionally, we understand the importance of knowledge and expertise remaining current and you shall support the continued advancement of our penetration testing through research, design and implementation of new solutions, including automation.

Responsibilities
  • End-to-End Assessments: Conducting penetration tests on our core banking platform, focusing on Cloud and Application Security.
  • Code Review: Performing manual secure code reviews to identify logic flaws and security anti-patterns.
  • Threat Modelling: Participate in sessions with different teams to identify design flaws before code is written.
  • Risk Contextualisation: Contextualising technical vulnerabilities into "Real-World Risk" scenarios to demonstrate business impact to non-technical executives and within Engine's risk management framework.
  • Cloud Security: Collaborating with Infrastructure teams to audit and secure cloud configurations.
  • Autonomous Execution: Acting as an independent operator within the team, managing your own testing scope and timelines across different business domains.
  • Remediation: Providing clear, actionable remediation advice that balances security requirements with engineering velocity.
  • Strategic Reporting: Translate complex technical exploits into actionable business risk summaries for non-technical stakeholders and executive leadership.

Requirements
We're open-minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications.

Technical Skills
Ideally, we would like:
  • Experience: 5+ years' experience in penetration testing with a focus on cloud native infrastructure, web applications, APIs.
  • Tooling: Expert-level proficiency with industry-standard tools and the ability to "go manual" when scanners fail.
  • Cloud Native: Experience with Cloud Security (AWS/GCP), specifically AWS/EKS.
  • Code Fluency: Ability to conduct code reviews in multiple languages, primarily Java and Go.
  • Mobile: Experience testing Mobile Applications (iOS and Android).
  • SDLC: You have a working understanding of how software is architected, built and deployed.
  • Scripting: You have the ability to write your own scripts and tooling to aid in pentesting and improve efficiency. Golang, Python etc.

Soft Skills
  • Communication: Exceptional written and spoken communication skills: the ability to communicate complex technical issues to engineers and business risk to executives.
  • Proactivity: A self-starting nature. You don't wait for a ticket to find a vulnerability. Got downtime? You're digging into codebases, closing off retesting items and generally getting it done.
  • Independence: Ability to work independently while remaining a collaborative partner to the wider engineering team.
  • Adaptability: Engine is evolving. You are able to evolve and develop as our requirements shift over time.

Nice to have
  • Infrastructure as Code (IaC): Experience auditing Terraform or CloudFormation templates.
  • DevSecOps: Familiarity with integrating security tooling (DAST/SAST) into CI/CD pipelines.

  • 25 days holiday (plus take your public holiday allowance whenever works best for you)
  • An extra day's holiday for your birthday
  • Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
  • 16 hours paid volunteering time a year
  • Salary sacrifice, company enhanced pension scheme
  • Life insurance at 4x your salary & group income protection
  • Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
  • Generous family-friendly policies
  • Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
  • Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing

About Us
You may be put off applying for a role because you don't tick every box. Forget that! While we can't accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren't sure if you're 100% there yet, get in touch anyway. We're on a mission to radically reshape banking - and that starts with our brilliant team. Whatever came before, we're proud to bring together people of all backgrounds and experiences who love working together to solve problems. Starling is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law. When you provide us with this information, you are doing so at your own consent, with full knowledge that we will process this personal data in accordance with our Privacy Notice. By submitting your application, you agree that Starling Bank will collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we will process, where we will process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.
03/05/2026
Full time
Senior Penetration Tester
Manchester Digital Manchester, Lancashire
About the Role As an experienced Penetration Tester at Starling, you'll be joining an established team, working with talented cyber security professionals to ensure our services are designed, developed and operated securely. This is a collaborative role - you'll directly interact with multiple areas of the business to understand requirements, conduct research, perform security testing, and report issues aligned to our risk framework. Being an internal tester, you'll gain a strong understanding of how technology works at Starling to enable in-depth testing. You'll also support remediation processes, seeing your findings lead to tangible security improvements. We understand the importance of knowledge and expertise remaining current, so we'll actively support your advancement through research and training. In turn, you'll help us continuously improve our processes, methodologies and tools to maintain the highest standard of testing. Responsibilities Scoping and performing mobile, web application, cloud and infrastructure penetration tests. Collaborating with engineering teams to facilitate secure development, including: Reviewing and analysing proposed technical solutions to identify appropriate security controls. Conducting code reviews of features and critical security components. Performing in-depth practical security testing. Advising on the remediation of security issues and identifying solutions to address root causes. Automating security testing and developing internal tooling to achieve continuous assurance. Identifying and implementing improvements to the team's internal processes and procedures. Mentoring less experienced team members, leading by example in technical assessments, and promoting a collaborative approach to security across Starling. Requirements We're open minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications. 
Ideally, we would like: 5+ years technical information security experience. Experience in mobile, web application, cloud and infrastructure penetration testing. Technical knowledge - we don't expect mastery of every area, but are looking for a good foundation in the following domains: Mobile security (iOS and Android) Web application security Networking and associated protocols Cloud security (AWS and GCP) Containers and Kubernetes A desire to learn, and the ability to apply technical security knowledge to new and unfamiliar areas. Penetration testing qualifications (e.g. CREST Certified Tester, OSCP) or equivalent industry experience. Experience performing code reviews or code-assisted testing, particularly in Java and Go. Experience in automation of security testing (e.g. using Python or Go). Excellent verbal and written communication skills. Benefits 25 days holiday (plus take your public holiday allowance whenever works best for you) An extra day's holiday for your birthday Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off 16 hours paid volunteering time a year Salary sacrifice, company enhanced pension scheme Life insurance at 4x your salary & group income protection Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton Generous family-friendly policies Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing Equal Opportunity Starling is an equal opportunity employer, and we're proud of our ongoing efforts to foster diversity & inclusion in the workplace. 
Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.
03/05/2026
Full time
Senior Penetration Tester: Cloud Mobile & Web Security
Manchester Digital Manchester, Lancashire
A leading digital bank in Manchester is seeking an experienced Penetration Tester to join their team. You will conduct mobile, web application, cloud, and infrastructure penetration tests while collaborating with engineering teams to enhance security practices. Ideal candidates will have over five years of experience in technical information security, expertise in various security domains, and qualifications like CREST or OSCP. The position includes a range of benefits that support both professional and personal growth.
03/05/2026
Full time
Netcom Online Learning
Cyber Security Analyst - Training Course
Netcom Online Learning
About the opportunity Gain a government funded certified qualification, and career support - no brainer! Are you ready to launch a career in cyber security? Netcom Training's fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 3) equips you with the practical skills employers in Greater Manchester are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you'll gain hands-on experience that prepares you for today's fast-growing cyber security and IT roles. Our learners have gone on to roles such as Cyber Security Analyst, Junior Penetration Tester, SOC Analyst, and IT Support, working with companies across tech, logistics, public services, and digital sectors. Course Details Start Date: 27/04 Duration: 14 weeks Format: Online, practical workshops Schedule: 6-9PM What you'll learn Cyber Principles: Understand core frameworks and security principles. Threat Intelligence: Develop expertise to identify risks and analyze threats. Vulnerability Testing: Conduct cyber security testing, identify vulnerabilities, and implement controls. Incident Response: Prepare for and respond to live cyber security incidents. Ethics & Law: Understand legislation and ethical conduct within the cyber security sector. Professional Skills: Build the behaviours required for the modern cyber security workplace. Career Pathway Potential Roles: Trainee Cyber Security Analyst, SOC Analyst, Junior Information Security Officer. Starting Salaries: Typically £22,000 - £35,000 (role dependent). Eligibility This is a government-funded opportunity. To apply, you must: Live in the West Midlands Be aged 19 or over. Earn below the gross annual wage cap of £34,194. Not currently be undertaking other government-funded training. Right to Work: You must have lived in the UK/EU for the last 3 years and have the right to work in the UK (Student/Graduate visas are not eligible). 
Cost This is a fully-funded course with no fees - complete the training, gain essential cyber security skills.
01/05/2026
Full time
Netcom Online Learning
Cyber Security Analyst - Training Course
Netcom Online Learning Manchester, Lancashire
About the opportunity Gain a government funded certified qualification, and career support - no brainer! Are you ready to launch a career in cyber security? Netcom Training's fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 3) equips you with the practical skills employers in Greater Manchester are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you'll gain hands-on experience that prepares you for today's fast-growing cyber security and IT roles. Our learners have gone on to roles such as Cyber Security Analyst, Junior Penetration Tester, SOC Analyst, and IT Support, working with companies across tech, logistics, public services, and digital sectors. Course Details Start Date: 27/04 Duration: 14 weeks Format: Online, practical workshops Schedule: 6-9PM What you'll learn Cyber Principles: Understand core frameworks and security principles. Threat Intelligence: Develop expertise to identify risks and analyze threats. Vulnerability Testing: Conduct cyber security testing, identify vulnerabilities, and implement controls. Incident Response: Prepare for and respond to live cyber security incidents. Ethics & Law: Understand legislation and ethical conduct within the cyber security sector. Professional Skills: Build the behaviours required for the modern cyber security workplace. Career Pathway Potential Roles: Trainee Cyber Security Analyst, SOC Analyst, Junior Information Security Officer. Starting Salaries: Typically £22,000 - £35,000 (role dependent). Eligibility This is a government-funded opportunity. To apply, you must: Live in Greater Manchester. Be aged 19 or over. Earn below the gross annual wage cap of £32,400. Not currently be undertaking other government-funded training. Right to Work: You must have lived in the UK/EU for the last 3 years and have the right to work in the UK (Student/Graduate visas are not eligible). 
Cost This is a fully-funded course with no fees - complete the training, gain essential cyber security skills.
01/05/2026
Full time
4Square Recruitment Ltd
Senior Penetration Tester
4Square Recruitment Ltd Leeds, Yorkshire
Senior Penetration Tester Location: Fully Remote (UK-Based) Salary Range: £50,000 - £85,000 (dependent on experience) Position: Permanent, Full-Time My client is a dynamic and growing cybersecurity consultancy dedicated to providing top-tier security services to a diverse range of clients. They believe in empowering the team with the flexibility of remote work while tackling challenging and engaging projects that make a real difference to their clients' security posture. The Role We are seeking a highly skilled and motivated Senior Penetration Tester to join our remote team. You will be responsible for leading and executing complex penetration tests against a variety of systems, networks, and applications. The ideal candidate is not just a proficient tester but a critical thinker who can articulate risks clearly and provide pragmatic remediation advice to clients. Key Responsibilities Plan, lead, and execute sophisticated penetration tests across infrastructure, web applications, APIs, and internal networks. Conduct advanced Red Team exercises to simulate real-world adversary attacks and test organisational defences. Produce high-quality, clear, and concise reports for both technical and executive audiences, detailing findings, risks, and actionable remediation strategies. Mentor and provide guidance to junior members of the team, promoting best practices and knowledge sharing. Collaborate with clients to scope engagements, present findings, and provide expert advice on mitigating identified vulnerabilities. Stay abreast of the latest security vulnerabilities, attack vectors, tools, and methodologies. Contribute to the continuous improvement of our testing methodologies and service offerings. Essential Skills & Qualifications Must hold active CREST Certified Tester (CRT) certification. (Non-negotiable) Proven commercial experience in a penetration testing role. 
Deep technical knowledge of networking protocols, operating systems (Windows, Linux), and common infrastructure vulnerabilities. Strong experience in web application penetration testing (OWASP Top 10). Proficiency with common penetration testing tools (e.g., Burp Suite Pro, Metasploit, Nmap, Cobalt Strike, etc.). Excellent written and verbal communication skills, with a proven ability to write detailed technical reports. A proactive and self-motivated attitude, capable of working effectively in a fully remote environment. Desirable Skills & Qualifications Experience with or knowledge of implementing Cyber Essentials and Cyber Essentials Plus schemes is highly desirable. Additional certifications such as: CREST Certified Simulated Attack Specialist (CCSAS) / Certified Simulated Attack Manager (CCSAM) Offensive Security Certified Professional (OSCP) Certified Information Systems Security Professional (CISSP) SANS GIAC Penetration Tester (GPEN) or Web Application Penetration Tester (GWAPT) Experience in mobile application (iOS/Android) testing, cloud security (AWS/Azure/GCP), or social engineering. Experience scripting in Python, PowerShell, or Bash to develop custom tools or exploits. What We Offer A competitive salary of £50,000 - £85,000. Fully remote working - work from anywhere in the UK. A supportive and collaborative culture with a strong focus on professional development.
01/10/2025
Full time
Trust In Soda
Penetration Tester
Trust In Soda
Penetration Tester - HIRING ASAP Start date: ASAP Duration: Till end of December 2025 with an extension thereafter Location: 2-3 days in Wokingham, 2-3 days remote working. Rate: £459 per day inside IR35 Responsibilities Conduct manual and automated penetration tests on web applications, networks, APIs, and mobile platforms. Identify, exploit, and document security vulnerabilities with detailed risk assessments. Develop and execute red team exercises and threat simulations. Collaborate with development and infrastructure teams to remediate findings. Prepare comprehensive reports outlining findings, impact, and mitigation strategies. Stay current with latest attack vectors, tools, and security trends. Assist in security awareness training and internal education efforts. Contribute to security policies and best practices development. Key Skills Proven experience in penetration testing, ethical hacking, or red teaming. Strong understanding of OWASP Top 10, MITRE ATT&CK, and CVSS scoring. Proficiency with tools like Burp Suite, Metasploit, Nmap, Wireshark, Kali Linux. Familiarity with scripting languages (Python, Bash, PowerShell). Knowledge of network protocols, operating systems, and cloud environments. Relevant certifications (e.g., OSCP, CEH, GPEN, CRTP) are highly desirable. Excellent analytical, communication, and report-writing skills.
01/10/2025
Contractor
Layer7
Penetration Tester (CHECK Team Member)
Layer7
We're looking for a CHECK Team Member (CCT INF/APP or CSTM equivalent) to deliver ITHCs and penetration testing for government. The Role Run and deliver IT Health Checks and penetration tests (on-site & remote). Scope, plan, and run multi-phase security assessments. Produce clear, high-quality reports and peer reviews. Mentor and upskill team members through 1:1 coaching, workshops, and bootcamps. Open, transparent and collaborative approach What You'll Need Current or previous CHECK Team Member (Infrastructure or Application) status. 3+ years' hands-on penetration testing including ITHCs. Experience with AWS and Kubernetes. Strong comms skills - technical detail, excellent technical skills. SC clearance
01/10/2025
Contractor
Layer7
Penetration Tester (CHECK Team Leader)
Layer7 Manchester, Lancashire
We're looking for a CHECK Team Leader (CCT INF/APP or CSTL equivalent) to deliver ITHCs and penetration testing for government. The Role Lead and deliver IT Health Checks and penetration tests (on-site & remote). Scope, plan, and run multi-phase security assessments. Produce clear, high-quality reports and peer reviews. Mentor and upskill team members through 1:1 coaching, workshops, and bootcamps. Open, transparent and collaborative approach What You'll Need Current or previous CHECK Team Leader (Infrastructure or Application) status. 3+ years' hands-on penetration testing including ITHCs. Experience with AWS and Kubernetes. Strong comms skills - technical detail, excellent technical skills. SC clearance
01/10/2025
Contractor

© 2008-2026 IT Job Board