CHECK Team Leader – Infrastructure and/or WebApp
* UK Based (Remote)
* up to £100k base
Job Purpose:
As CHECK Team Leader, you will play a critical role in managing and delivering high-quality penetration testing services to clients in government, defence, and critical national infrastructure sectors. You will be a certified and experienced CHECK Team Leader who manages and develops a team of testers, in addition to providing CHECK penetration tests to clients.
You will proactively contribute to the ongoing expansion of your Community of Professional Interest by feeding into internal guidance, supporting the collation of a robust body of knowledge to support business growth and development, and sharing insight as an expert in your profession.
This role offers a hybrid work model with opportunities for remote and on-site client engagement, as well as participation in high-profile engagements with government and critical national infrastructure clients. To this end, you must be UK based and willing to undergo the process to attain/maintain a high level of security clearance.
Reports to: Specialist Services Manager
Direct Reports: N/A – future state will include line management of a team of Penetration Testers.
Engagement Management:
* Lead and manage penetration testing engagements, including scoping, planning, execution, and reporting.
* Ensure engagements meet NCSC CHECK standards and client requirements for quality and thoroughness.
* Serve as the primary point of contact for clients during engagements, providing regular updates and managing expectations.
Technical Leadership:
* Perform advanced penetration testing on networks, applications, infrastructure, and mobile platforms.
* Identify, exploit, and document vulnerabilities, simulating realistic threat scenarios.
* Review team findings to ensure accuracy, depth, and compliance with industry standards such as OWASP, OSSTMM, and CREST.
Team Development and Mentorship:
* Provide technical guidance, mentorship, and training to junior and senior penetration testers.
* Ensure team members meet continuous professional development requirements, including maintaining certifications.
* Conduct peer reviews of deliverables to uphold high-quality reporting standards.
Governance and Compliance:
* Ensure compliance with NCSC CHECK requirements and maintain the company’s CHECK service provider status.
* Keep up to date with the latest vulnerabilities, exploits, and security trends to inform testing methodologies.
* Develop and maintain internal methodologies, tools, and processes aligned with industry best practices.
Reporting and Recommendations:
* Produce comprehensive, clear, and actionable reports, detailing vulnerabilities, exploit methodologies, and risk mitigation strategies.
* Present findings and recommendations to technical and non-technical stakeholders, including C-level executives.
Experience:
* In-depth knowledge of vulnerability assessment tools, exploitation frameworks, and manual testing techniques.
* Proficiency in scripting languages (e.g., Python, PowerShell, Bash) and understanding of offensive security tools (e.g., Metasploit, Burp Suite, Cobalt Strike).
* Familiarity with security frameworks and standards such as ISO 27001, NIST, CIS Controls, and GDPR.
* Experience with red teaming, threat modelling, or advanced adversarial simulations.
* Strong background in reverse engineering, malware analysis, or exploit development.
Qualifications:
* Certified CHECK Team Leader (CTL) qualification through NCSC.
* Additional certifications: OSCP, OSCE, CISSP, CREST CRT/CRTIA, or equivalent.
Required Skills:
* Strong technical skills in network, web application, and infrastructure penetration testing.
* The ability to present comprehensive feedback to director level stakeholders, effectively communicating risks and risk mitigation strategies and making recommendations for remedial actions through detailed and insightful reports.
* Excellent leadership skills – the ability to develop and mentor a high-performing team of penetration testers, ensuring effective collaboration and continuous improvement.
* The ability to engage with external clients, confidently articulating the value of our services and systems.
* Organisation skills – the ability to manage a varied workload whilst ensuring a high level of accuracy and attention to detail.
* Project management skills – the ability to effectively plan, execute and oversee penetration testing projects ensuring timely delivery and adherence to quality standards.
* Effective communication skills, both written and verbal, with the ability to maintain strong relationships and present complex technical concepts clearly to stakeholders up to Director level.
* Proven ability to manage your own time and activities autonomously, ensuring you are able to manage multiple projects and deadlines.
* High levels of integrity, professionalism, and discretion when handling sensitive information.