2,749 Offensive Security jobs in the United Kingdom

Job Description

We are looking for a certified Penetration Tester to join our client’s cybersecurity team and help safeguard critical systems through simulated attacks and red team assessments. You’ll be responsible for identifying vulnerabilities across networks, applications, and cloud infrastructure and providing actionable insights to reduce risk exposure.

Ideal candidates have deep experience in offensive security. Testing, a strong understanding of exploits and security protocols, and a drive to continuously evolve with today’s fast-moving threat landscape.

Job Responsibilities

Plan, execute, and report on penetration tests across networks, web applications, APIs, mobile, and cloud environmentsConduct red team engagements , including simulated phishing, social engineering, and physical security assessmentsIdentify, document, and prioritise vulnerabilities and misconfigurations Use both manual techniques and automated tools (e.g., Burp Suite, Metasploit, Nmap)Collaborate with blue team and remediation teams to harden systemsProduce detailed technical reports and executive summaries for stakeholdersStay up to date with the latest exploits, vulnerabilities (CVEs), and threat actor tacticsRequirements

Required Skills

Strong proficiency in penetration testing tools (e.g., Kali Linux, Burp Suite, Metasploit, Nmap, Wireshark)Experience with OWASP Top 10 , vulnerability scanning, and exploit developmentFamiliarity with MITRE ATT&CK framework and red team methodologySolid knowledge of TCP/IP, firewalls, DNS, HTTP/HTTPS, and encryption protocols Strong reporting and communication skillsAt least one industry certification (OSCP, CEH, CREST CRT, or similar)

Desired Skills

Scripting skills in Python, PowerShell, or BashExperience with cloud security testing (AWS, Azure, GCP)Familiarity with CI/CD environments and DevSecOpsExposure to purple teaming or adversary emulationKnowledge of physical security and social engineering tacticsBenefits

Job Benefits

Competitive salary + performance bonusPaid training and certification reimbursement (OSCP, CREST, etc.)25 days holiday + bank holidaysPrivate healthcare + mental health supportFully remote or hybrid working optionsCompany-funded attendance at security conferences (DEF CON, Black Hat, etc.)

Please Note: The deadline for applying is 23.59 the day before the job posting end date.
Job Title: Offensive Security Senior Manager
Business Function: Cyber Security
Location: Kingston Head Office / Bangalore
Unilever is one of the world's leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann's, Wall's, Ben & Jerry's, Marmite, Magnum, and Lynx. Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That's why our purpose as Unilever is 'to make sustainable living commonplace'.
At Unilever, we're determined to achieve a culture where everyone can thrive, a culture where all individuals are treated fairly and respectfully, and where their uniqueness is celebrated. We're taking a holistic approach that focuses on how we can use the scale and reach of our business to have the greatest impact in our own workplace and beyond. We've set clear goals to eliminate any bias and discrimination in our policies and practices, accelerate diverse representation in our leadership, and remove barriers for people with disabilities. At the same time, we're setting out to spend more with diverse businesses and increasing representation of diverse groups in our advertising. Find out more about our commitment to equity, diversity, and inclusion on our website ( .
Unilever's Cyber Security team is a global, product-led function aligned to the NIST Cyber Security Framework. We deliver capabilities across governance, protection, detection, response, and recovery to safeguard our people, operations, and digital assets. Operating alongside our Technology and Data teams, Cyber Security enables secure innovation and resilience across our global business. Our structure is built around product families and risk-based priorities, with teams embedded across regions and business units.
JOB PURPOSE
We are looking for a technically exceptional and visionary Senior Manager to lead our Offensive Security function. This role is both strategic and hands-on, responsible for delivering high-impact penetration testing, attack surface management, and a mature bug bounty program. The ideal candidate will be a transformation leader with deep technical expertise in offensive security and a passion for building purple team capabilities that proactively identify and close control gaps across the enterprise.
The Senior Manager - Offensive Security will serve as both a strategic leader and hands-on technical expert, driving the evolution of our offensive security capabilities. This role is accountable for delivering high-impact penetration testing, managing our attack surface, and overseeing a global bug bounty program. With a strong focus on identifying control gaps and advancing purple team maturity, the ideal candidate will bring deep technical acumen, a transformation mindset, and a proven ability to lead and inspire high-performing teams in a dynamic, threat-informed environment.
RESPONSIBILITIES
Technical Leadership & Execution
- Personally lead and execute advanced penetration tests, red/purple team exercises, and adversary emulation campaigns across cloud, application, and infrastructure layers.- Identify and exploit vulnerabilities to simulate real-world attack scenarios, validate detection and response capabilities, and uncover control gaps.- Develop and maintain a Purple Team playbook tailored to business-specific technologies and threat models.- Integrate offensive findings into SOC tuning, detection engineering, and control validation workflows.
Program Ownership
- Own and evolve the offensive security roadmap, including internal testing services, external bug bounty operations, and attack surface management.- Establish and lead a Purple Team Steering Committee with cross-functional stakeholders from Cyber, OT, R&D, and Business Units.- Drive quarterly purple team exercises and ensure findings are embedded into the broader Cyber Transformation roadmap.
Team Building & Transformation
- Build and mentor a high-performing global team of offensive security engineers and red teamers.- Lead the transformation from traditional pentesting to intelligence-driven, continuous offensive security.- Foster a culture of innovation, experimentation, and continuous learning.
Collaboration & Influence
- Partner with Threat Intelligence, SOC, and Engineering teams to contextualize findings and drive remediation.- Communicate technical findings clearly to both technical and executive audiences.- Influence security architecture and product design through early engagement and threat modeling.
Requirements
+ Advanced Penetration Testing : Deep experience conducting and leading penetration tests across web applications, APIs, cloud environments (Azure, AWS, GCP), and enterprise infrastructure.
+ Red and Purple Teaming : Expertise in adversary emulation, threat-informed defense, and purple team exercises that validate detection and response capabilities.
+ Attack Surface Management : Familiarity with ASM platforms and methodologies to continuously identify, assess, and reduce external exposure.
+ Bug Bounty Program Management : Experience managing or collaborating with external bug bounty platforms (e.g., HackerOne, Bugcrowd), including triage and remediation workflows.
+ Exploit Development & Vulnerability Research : Ability to identify and exploit zero-day and known vulnerabilities, and develop custom proof-of-concept exploits.
+ Tool Proficiency :
+ Offensive tools: Cobalt Strike, Metasploit, Burp Suite, Nmap, BloodHound, Covenant, Sliver
+ Scripting: Python, PowerShell, Bash
+ Automation: CI/CD integration for security testing, custom tooling for red team automation
+ Detection Engineering Collaboration : Ability to translate offensive findings into detection logic and partner with SOC teams to improve alerting and response.
+ Threat Modelling & MITRE ATT&CK : Strong understanding of attacker TTPs and ability to map findings to frameworks like MITRE ATT&CK and the Cyber Kill Chain.
+ Cloud Security Testing : Hands-on experience with offensive techniques in cloud-native environments, including IAM misconfigurations, container escape, and serverless exploitation.
+ Security Control Validation : Experience assessing the effectiveness of EDR, WAF, IAM, and other security controls through offensive testing.
Experience
- 15+ years in cybersecurity, with 5+ years in offensive security and team leadership.- Deep hands-on experience with red/purple teaming, adversary emulation, and vulnerability exploitation.- Proficiency with tools such as Cobalt Strike, Metasploit, Burp Suite, BloodHound, and custom scripting.- Strong understanding of MITRE ATT&CK, cyber kill chain, and threat-informed defense.- Experience integrating offensive security into CI/CD pipelines and cloud-native environments.- Relevant certifications (e.g., OSCP, OSCE, CRTO, GXPN) strongly preferred.
Behaviours
Candidates would be required to demonstrate the Unilever Standards of Leadership & live the Values through showing the following behaviors:
+ Agility - Flexes leadership style and plans to meet changing situations with urgency. Learns from the past, envisions the future, has a healthy dissatisfaction with the status quo.
+ Personal Mastery - Actively builds wellbeing and resilience in themselves and their team. Has emotional intelligence to take feedback, manage mood and motivations, and build empathy for others. Sets high standards for themselves and always brings their best self.
+ Passion for High Performance - Inspires the energy needed to win, generating intensity and focus to motivate people to deliver results at speed.
NOTES
About Unilever
Unilever is one of the world's leading suppliers of Food, Home and Personal Care products with sales in over 190 countries and reaching 2 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Dove, Tresemme, Lynx, Lifebuoy, Shea Moisture, Persil, Domestos, Ben & Jerry's, Magnum, Marmite, The Vegetarian Butcher, Graze and Pot Noodle.
Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That's why our purpose is 'to make sustainable living commonplace'
What We Offer
Not only do we offer a competitive salary and pension scheme, we also offer an annual bonus, subsidised gym membership, a discounted staff shop and shares. You'll have the opportunity to work directly with our renowned and exciting brands in a flexible and hybrid working environment.
Whilst the role is advertised on a full-time basis, we would be happy to discuss possible flexible working options and what this may look like for you. We are a key advocate of wellbeing and offer a variety of support for our people including hubs, programmes and development opportunities. We strive to achieve a family-friendly and inclusive workplace and to, above all, create possibilities for all.
Diversity at Unilever is about inclusion, embracing differences, creating possibilities and growing together for better business performance. We embrace diversity in our workforce. This means giving full and fair consideration to all applicants and continuing development of all employees regardless of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage and civil partnership, and pregnancy and maternity. We are also more than happy to provide reasonable adjustments during our application and interview process to enable you to be present your best self. To find out more, including about our Employee Resource Groups, please click here Equity, Diversity & Inclusion at Unilever | Unilever ( .
Recruitment Fraud
Cyber criminals advertise fake job adverts with prestigious employers as a way of stealing information or even defrauding individuals out of money. In the most sophisticated cases, they will set up fake websites, which have a similar address to companies like Unilever. They even conduct fake telephone interviews and then offer candidates a role with the proviso they pay a fee for background checks or to cover work visa costs.  These types of attacks are becoming more common as more people are looking for employment in the economic climate.
How is Unilever tackling this?
Many of Unilever's recruitment sites publish a warning to candidates about recruitment fraud. The Cyber Security team also proactively scan for signs of people setting up fake Unilever sites and act to close them down.
What can I do?
If you become aware of potential recruitment fraud, spot fake Unilever recruitment adverts or fake LinkedIn profiles, report them via Una Live Chat.
Unilever does not accept responsibility or liability for any candidates who are financially impacted by recruitment fraud. Your vigilance is key!
Job Category: Uniops
Job Type: Full time
Industry:

Our client is a leading cybersecurity consultancy dedicated to protecting businesses from evolving threats. We are looking for a highly skilled Senior Penetration Tester to join our elite offensive security team. This is a fully remote position, allowing you to contribute your expertise from anywhere in the UK. You will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and providing actionable recommendations to enhance our clients' security posture. This role requires a deep understanding of attack vectors, exploitation techniques, and robust reporting methodologies.

Key Responsibilities:

• Plan, scope, and execute various types of penetration tests, including network, web application, mobile application, and cloud environments.
• Perform in-depth vulnerability analysis and exploitation of identified weaknesses across diverse IT infrastructures.
• Develop and maintain custom tools, scripts, and techniques to aid in penetration testing activities.
• Conduct social engineering campaigns to assess human vulnerabilities and security awareness.
• Analyze security findings, assess their impact, and provide clear, concise, and actionable remediation recommendations.
• Prepare detailed technical reports for clients, outlining methodologies, findings, and proposed solutions.
• Stay current with the latest security threats, vulnerabilities, exploits, and penetration testing techniques.
• Collaborate with internal teams to develop security best practices and contribute to service improvement.
• Mentor junior penetration testers, providing guidance and sharing knowledge.
• Present findings and recommendations to technical and non-technical audiences, including senior management.

Qualifications and Experience:

• Minimum of 5 years of hands-on experience in professional penetration testing and offensive security.
• Demonstrated expertise in network protocols, operating systems, web application security, and common vulnerabilities (e.g., OWASP Top 10).
• Proficiency with penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark).
• Experience in scripting languages (e.g., Python, PowerShell) for automation and tool development.
• Strong understanding of cryptography, authentication mechanisms, and security controls.
• Excellent analytical and problem-solving skills, with a meticulous attention to detail.
• Exceptional report writing and communication skills, with the ability to articulate complex technical concepts clearly.
• Relevant certifications such as OSCP, CEH, CISSP, or GPEN are highly desirable.
• A Bachelor's degree in Computer Science, Cybersecurity, or a related field is preferred.
• Ability to work independently and manage multiple projects effectively in a remote setting.

This is an exciting opportunity to join a forward-thinking organization and make a significant impact on the security of leading companies from Portsmouth, Hampshire, UK (though the role is fully remote). If you are a passionate security professional with a knack for finding vulnerabilities, we encourage you to apply.

Our client, a forward-thinking information security firm, is actively seeking a highly skilled Senior Penetration Tester to join their elite offensive security team. This role is crucial for identifying vulnerabilities and strengthening the security posture of our diverse client base. As a fully remote position, you will have the flexibility to work from anywhere within the UK, contributing your expertise to challenging and rewarding projects.

Responsibilities:

• Conduct comprehensive penetration tests, including network, web application, mobile application, cloud, and API security assessments.
• Identify, exploit, and document security vulnerabilities using a variety of tools and manual techniques.
• Perform in-depth security reviews of systems and applications to identify weaknesses and provide actionable recommendations for remediation.
• Develop detailed penetration testing reports, clearly articulating findings, risks, and remediation steps for both technical and executive audiences.
• Stay current with the latest penetration testing methodologies, tools, and emerging threats.
• Assist in the development and maintenance of penetration testing tools and frameworks.
• Collaborate with client security and development teams to validate findings and provide guidance on security best practices.
• Mentor junior penetration testers and contribute to the continuous improvement of the offensive security practice.
• Participate in red teaming exercises and other advanced security assessments as needed.
• Research and develop new testing techniques and approaches to stay ahead of evolving threat landscapes.
• Contribute to internal knowledge sharing and training sessions.

Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent practical experience.
• Minimum of 5 years of hands-on experience in penetration testing and offensive security engagements.
• Proven expertise in identifying and exploiting vulnerabilities across various platforms and technologies.
• Proficiency with a wide range of penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Nessus, Wireshark).
• Strong understanding of network protocols, operating systems (Windows, Linux), web technologies, and common security vulnerabilities (e.g., OWASP Top 10).
• Experience with scripting or programming languages (e.g., Python, Bash, PowerShell) for security automation and tool development.
• Relevant industry certifications such as OSCP, OSCE, GPEN, GXPN, or CEH are highly desirable.
• Excellent analytical, problem-solving, and critical-thinking skills.
• Outstanding written and verbal communication skills, with the ability to produce clear, concise, and comprehensive reports.
• Ability to work independently, manage time effectively, and meet project deadlines in a remote setting.

This is a fully remote opportunity offering a competitive salary, excellent benefits, and the chance to work on challenging engagements with a respected cybersecurity firm. Join us and make a significant impact on security posture from your home office.

Our client, a rapidly growing cybersecurity firm, is seeking a highly skilled Senior Penetration Tester to join their elite offensive security team on a fully remote basis. This role is instrumental in identifying vulnerabilities and weaknesses in client systems and applications before malicious actors can exploit them. You will be responsible for conducting advanced penetration tests and providing actionable remediation advice.

Key Responsibilities:

• Perform comprehensive penetration tests against web applications, mobile applications, networks, and cloud environments.
• Conduct in-depth vulnerability assessments and exploit identified weaknesses using a range of tools and techniques.
• Develop and execute creative attack scenarios to simulate real-world threats.
• Analyse test results, document findings, and produce detailed, high-quality penetration testing reports.
• Provide clear, concise, and actionable recommendations for remediation of identified vulnerabilities.
• Collaborate with client security teams to discuss findings and guide remediation efforts.
• Stay up-to-date with the latest penetration testing methodologies, tools, and security trends.
• Assist in the development and maintenance of testing tools and frameworks.
• Mentor junior penetration testers and contribute to team knowledge sharing.
• Contribute to the continuous improvement of the company's offensive security services.

Qualifications and Experience:

• A Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
• A minimum of 5 years of hands-on experience in penetration testing and offensive security.
• Proven expertise in various penetration testing domains, including web application security, network security, and cloud security.
• Strong understanding of common vulnerabilities (e.g., OWASP Top 10) and exploit development.
• Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Wireshark, etc.
• Experience with scripting languages (e.g., Python, Bash) for automation and tool development.
• Excellent analytical, problem-solving, and report-writing skills.
• Outstanding communication and interpersonal skills, with the ability to effectively interact with clients.
• Relevant certifications such as OSCP, OSCE, GPEN, GWAPT, or CISSP are highly desirable.
• Ability to work independently, manage multiple projects, and meet deadlines in a remote environment.

This is an exceptional opportunity for a seasoned penetration tester to join a dynamic team, work on diverse and challenging engagements, and enjoy the full flexibility of remote work from Leeds or anywhere else in the UK. Our client offers a competitive salary, performance-based bonuses, and excellent professional development opportunities.

Our client is seeking a skilled and diligent Penetration Tester to join their established Information Security team based in Derby, Derbyshire, UK . This role is crucial in identifying and mitigating security vulnerabilities within our client's systems, applications, and networks through rigorous ethical hacking methodologies. You will be responsible for planning, executing, and reporting on penetration tests, providing actionable recommendations to enhance our security posture. Key duties include conducting comprehensive vulnerability assessments and penetration tests across various platforms (web applications, networks, mobile apps); developing and documenting detailed test plans and methodologies; utilising a range of security testing tools and techniques; analysing security findings and generating comprehensive, clear, and concise reports for technical and non-technical stakeholders; collaborating with development and IT teams to remediate identified vulnerabilities; staying up-to-date with the latest security threats, attack vectors, and penetration testing techniques; and contributing to the continuous improvement of the company's security testing processes. The ideal candidate will have a strong understanding of common attack vectors, security vulnerabilities, and remediation strategies. Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, and OWASP ZAP is essential. Relevant certifications such as OSCP, CEH, or CISSP are highly desirable. Excellent analytical and problem-solving skills, attention to detail, and the ability to work independently and as part of a team are required. Strong written and verbal communication skills are necessary for reporting findings and liaising with various departments. This is an excellent opportunity for a motivated security professional to contribute to a vital function within the organisation and advance their career in a challenging environment.

Manual Ethical Hacker
Dublin, Ireland;Chester, United Kingdom
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge
Refer a friend
**To proceed with your application, you must be at least 18 years of age.**
Acknowledge ( Description:**
**Job Title: Ethical Hacker**
**Corporate Title: AVP/VP**
**Location: Central Park, Leopardstown, Dublin**
**Chester, UK**
**Company Overview:**
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day.
One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being.
Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization.
Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!
**Location Overview:**
Our Central Park office in Leopardstown, boasts modern facilities based in Dublin's premium business park. With an onsite gym and staff restaurant, all your daily needs are conveniently catered for. Travel options include the LUAS network and the Central Park shuttle service between Dublin City Centre and Central Park. We also provide tax saver tickets as part of our award-winning benefits package, which means getting to work has never been so easy.
**Location Overview:**
Find us in the city of Chester, a destination renowned for its culture, history, and beauty. Working at Bank of America Chester offers a far-reaching global career for a world-renowned organisation, whilst being ideally situated against the backdrop of the rolling North Wales hills and the banks of the serene River Dee.
**Role Description**
As an Ethical Hacker: You'll Play a vital role in our Cybersecurity Assurance Program. Your mission? Safeguarding our applications from potential threats.
In this role you'll assess our application security by conducting penetration tests. Think of it as a digital detective work to uncover vulnerabilities. You'll evaluate both internal and external web, mobile, and web service applications. Your goal? To stay ahead of malicious hackers by collaborating with our team to strengthen our defence by identifying and reporting security weaknesses.
**Responsibilities:**
+ Understanding the requirements of our applications and why/how we use them.
+ Testing applications using a variety of tools to identify vulnerabilities that could expose the Bank to risk.
+ Monitoring existing and proposed security standard setting groups
+ Conducting meetings to communicate the findings and implications and set realistic timescales for remediation.
+ Providing technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and products
+ Acting as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being created.
+ Sharing knowledge with technical and non-technical colleagues through training sessionsJoin us in fortifying our digital realm and making a real impact in the world of security!
**What we are looking for:**
+ Proven professional experience in Ethical Hacking or Cyber Security.
+ Expert level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; applications session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services.
+ Able to manually identify and reproduce findings, discuss remediation concepts, develop PoCs for vulnerabilities, can use scripting/coding techniques, proficiently execute common penetration testing tools, triage and support incidents, and produce high-value findings
+ Experience in conducting web application ethical hacking assessments.
+ Ability to demonstrate manual web application testing experience i.e. must be able to simulate a SQL inject/Cross-site script attack without the use of tool.
+ Ability to demonstrate manual web application testing experience i.e. must be able to simulate a SQL inject/Cross-site script attack without the use of tool.
+ Knowledge of network and Web related protocols/technologies (e.g. UNIX/LINUX, TCP/IP, Cookies).
+ Experience with vulnerability assessment tools and penetration testing techniques.
+ Solid programming/debugging skills.
+ Experience of using a variety of tools, included, but not limited to, Invicti, Burp and SQL Map.
+ Ability to learn and apply critical thinking in a variety of situations.
+ Effective written and oral communication skills.
+ Ability to multitask and handle multiple projects.
**Benefits of working at Bank of America:**
**Ireland**
+ Private healthcare for you and your family plus an annual health screen to help you manage your physical wellness with the option to purchase a screen for your partner.
+ Competitive pension plan, life assurance and group income protection cover if you become unable to work as a result of a disability or health reasons.
+ 20 days of back-up childcare and 20 days of back-up adult care per annum.
+ The ability to change your core benefits as well as the option of selecting a variety of flexible benefits to suit your personal circumstances including access to a wellbeing account, travel insurance, critical illness etc.
+ Access to an Employee Assistance Program for confidential support and help for everyday matters.
+ Access to free counselling through the Employee Assistance Program and virtual GP services through our private health care plan.
+ Ability to donate to charities of your choice and the bank will match your contribution.
+ Opportunity to access our Arts & Culture corporate membership program and receive discounted entry to some of Ireland's most iconic cultural institutions and exhibitions.
+ Opportunity to give back to your community, develop new skills and work with new groups of people by volunteering in your local community.
**Bank of America:**
Good conduct and sound judgment is crucial to our long term success. It's important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mind-set are the cornerstones of our Code of Conduct and are at the heart of managing risk well.
We are an equal opportunities employer and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity or gender reassignment, marital or civil partner status, race, religion or belief, colour, nationality, ethnic or national origins, membership of the Traveller community, age, sexual orientation, pregnancy or maternity, civil status, socio-economic background, family status or physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience.
We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements.
Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.
To view the "Know your Rights" poster, CLICK HERE ( .
View the LA County Fair Chance Ordinance ( .
Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company. To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work.
This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.

Our client, a leading cybersecurity firm, is seeking a highly skilled Senior Penetration Tester to join their established team in Bristol, South West England, UK . This role offers a flexible hybrid working model, combining collaborative office time with the convenience of remote work.

As a Senior Penetration Tester, you will play a critical role in identifying vulnerabilities and weaknesses in our client's systems and networks. You will conduct comprehensive security assessments, simulating real-world cyber-attacks to protect sensitive data and ensure the integrity of their digital infrastructure. Your expertise will be vital in helping clients maintain a robust security posture against evolving threats.

Key responsibilities include:

• Performing in-depth penetration tests on web applications, networks, mobile applications, and cloud environments.
• Identifying, analyzing, and documenting security vulnerabilities and their potential impact.
• Developing and executing exploitation strategies to demonstrate the real-world risk of identified vulnerabilities.
• Conducting social engineering assessments to evaluate human vulnerabilities.
• Utilizing a wide range of penetration testing tools and methodologies (e.g., Metasploit, Burp Suite, Nmap, Wireshark).
• Providing clear, concise, and actionable remediation recommendations to clients.
• Writing comprehensive penetration testing reports that articulate findings, risks, and proposed solutions.
• Collaborating with client IT and security teams to discuss findings and remediation plans.
• Keeping up-to-date with the latest threat landscapes, attack vectors, and security technologies.
• Contributing to the development and improvement of penetration testing methodologies and tools.
• Mentoring junior penetration testers and sharing knowledge within the team.
• Participating in security awareness training and client presentations.

Qualifications:

• Proven experience as a Penetration Tester or similar cybersecurity role.
• Demonstrable expertise in network penetration testing, web application security, and wireless security.
• Strong understanding of common vulnerabilities (e.g., OWASP Top 10) and attack techniques.
• Proficiency with various penetration testing tools and frameworks.
• Excellent analytical and problem-solving skills, with a keen eye for detail.
• Strong report writing and communication skills, with the ability to effectively explain complex technical issues to both technical and non-technical audiences.
• Relevant certifications such as OSCP, CREST, CEH, CISSP are highly desirable.
• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.

If you are a proactive security professional with a passion for ethical hacking and a commitment to enhancing cybersecurity, this is an exceptional opportunity to advance your career.

Our client, a leading cybersecurity firm, is seeking a highly skilled Senior Penetration Tester to join their elite team. This hybrid role offers the opportunity to conduct comprehensive security assessments for a diverse range of clients, based in Coventry, West Midlands, UK , while benefiting from a flexible working arrangement. The ideal candidate will possess a deep understanding of offensive security techniques and a passion for identifying vulnerabilities before malicious actors can exploit them.

Responsibilities:

• Conduct thorough penetration tests on web applications, network infrastructure, APIs, and mobile applications.
• Perform social engineering exercises to assess the human element of security.
• Identify, exploit, and document security vulnerabilities, providing detailed reports with clear remediation recommendations.
• Develop and maintain custom scripts, tools, and methodologies to enhance testing capabilities.
• Stay abreast of the latest threat vectors, attack methodologies, and emerging security vulnerabilities.
• Collaborate with clients to understand their security posture and testing requirements.
• Communicate complex technical findings effectively to both technical and non-technical audiences through written reports and presentations.
• Mentor and guide junior penetration testers, sharing knowledge and best practices.
• Participate in security research and development to contribute to the firm's expertise.
• Ensure all testing is conducted ethically, legally, and within agreed-upon scopes.
• Contribute to the continuous improvement of the firm's penetration testing services and methodologies.
• Assist in the development of security awareness training materials based on testing findings.

Qualifications:

• A Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent demonstrable experience.
• Professional certifications such as OSCP, OSCE, GPEN, GXPN, CEH, CISSP are highly desirable.
• A minimum of 5 years of hands-on experience in penetration testing and vulnerability assessment.
• Proven expertise in exploiting common vulnerabilities (e.g., OWASP Top 10) and advanced attack techniques.
• Proficiency in using various penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Nmap, Kali Linux).
• Strong understanding of network protocols, operating systems, web technologies, and cryptography.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong written and verbal communication skills, with the ability to produce clear and comprehensive technical reports.
• Ability to work independently and as part of a collaborative team, managing multiple projects effectively.
• Client-facing experience and excellent interpersonal skills.
• Willingness to travel to client sites occasionally as required.

This role presents an exciting opportunity to work on challenging security projects, develop your expertise, and play a crucial role in protecting organisations from cyber threats, with the flexibility of a hybrid working model.