Lead Penetration Tester – Client Lead
Hybrid – 2 days a week on client site (30-minute train journey from Waterloo)
Our client is a leading consulting firm specialising in complex cloud, digital and data solutions for leading UK public and private sector organisations. They are now seeking a technical and commercially astute Lead Penetration Tester to lead the team.
This role involves working with a specific client on a secondment basis, dedicated to that one client, so there is no other consulting and no travelling that keeps you away from home for long periods.
As the Lead Penetration Tester/Client Lead, you will take the lead in advanced penetration tests and vulnerability assessments across a diverse range of cutting-edge applications. You will take a hands-on approach to evaluating the security of applications, networks, and systems, and you will play a critical role in integrating robust security standards into the development process, ensuring that vulnerabilities are identified and mitigated at every stage.
This highly technical and hands-on position places you at the heart of cyber defence, actively identifying, exploiting, and mitigating security vulnerabilities in web, mobile, and cloud-based platforms.
You’ll leverage tools and methodologies to stay ahead of evolving threats, collaborating with development teams to embed robust security practices directly into the SDLC. Your expertise will be instrumental in fortifying the organisation’s digital assets and ensuring resilience against cyber adversaries.
Responsibilities of Lead Penetration Tester:
Penetration Testing & Vulnerability Assessment
* Lead penetration tests and vulnerability assessments on applications, networks, and systems, exposing and documenting critical risks with actionable remediation strategies.
* Stay ahead of emerging threats, ensuring cutting-edge testing methodologies and solutions are applied effectively.
Security Risk Management
* Drive the vulnerability management program, performing risk assessments and enhancing security posture through strategic mitigation plans.
Leadership & Collaboration
* Mentor and guide a dedicated security team while working cross-functionally to embed best practices across operations and development lifecycles.
Incident Response
* Investigate and mitigate real-time threats, minimizing business impact, and delivering post-incident root cause analysis with tailored action plans.
Strategic Security Improvement
* Innovate and refine security policies, adopting advanced tools and techniques to bolster defences and stay aligned with industry standards.
Experience required as the Lead Penetration Tester:
* Must have excellent communication and stakeholder management skills – we are looking for confidence and gravitas!
* Technical Mastery: Expertise in penetration testing tools like Burp Suite, Metasploit, and OWASP ZAP, alongside manual testing techniques.
* Deep Security Knowledge: Strong understanding of application vulnerabilities (SQL injection, XSS, etc.), cloud security, and DevSecOps integration.
* Proven Experience: Minimum 5-7+ years in information security with a track record of delivering impactful penetration testing and vulnerability assessments.
* Certifications That Set You Apart: CEH, OSCP, CISSP, or similar qualifications preferred but not mandatory.
If you’re a passionate security professional eager to lead, innovate, and make a difference, apply today and be part of a team that’s redefining the future of information security!