37 Penetration Tester jobs in the United Kingdom

My Client is a cybersecurity company who offer security services to multiple businesses across varying industries. They are now looking for a graduate Penetration Tester to join their growing team!

Main Duties:

• Vulnerability Identification: Conduct thorough assessments to identify security vulnerabilities in networks, applications, and systems.
• Exploitation and Reporting: Simulate cyberattacks to exploit vulnerabilities and document findings in detailed reports.
• Security Recommendations: Provide actionable guidance to mitigate risks and improve the organization's security posture.
• Compliance and Standards: Ensure testing aligns with industry regulations and security standards (e.g., OWASP, PCI-DSS).
• Continuous Research: Stay updated on emerging threats, tools, and techniques to enhance testing methodologies.

Skills and Experience Required:

• Must have graduated/currently studying at a Russell Group University
• Really strong academics- A*-A at A-levels
• Must be passionate about Cybersecurity!

Desirable skills:

• GitHub projects
• Cybersecurity certifications (eg: OSCP)
• Completion of courses
• Hack The Box
• Try Hack me

The salary for this position is up to £35,000- £45,000 depending on experience.

If you feel like you have the right skills and experience then please apply with a copy of your updated CV and we will be in touch with more details.

Penetration Tester – UK remote - £60,000 - £80,000 + Benefits + Bonus

Our client is looking for an experienced Penetration Tester to join their established Offensive Security function. This role involves conducting and delivering high-quality security assessments across web applications, infrastructure, mobile, cloud, and networks.

Our client is looking for someone who has a wide understanding of different types of security testing, and in-depth threat-intelligence knowledge.

Main Responsibilities:

• Perform penetration tests on web applications, networks, APIs, cloud environments, and mobile platforms.
• Assist in red team exercises, social engineering assessments, and security awareness initiatives.
• Conduct vulnerability assessments, exploit security flaws, and document findings with actionable remediation steps.
• Simulate real-world attack scenarios to evaluate security weaknesses.
• Utilize and develop custom scripts, tools, and exploits to test system defences.
• Work closely with security teams to remediate identified vulnerabilities.

To be considered, you should have:

• 4+ years in a penetration testing position.
• Strong knowledge of OWASP Top 10, MITRE ATT&CK Framework, and common exploit techniques.
• Experience using tools such as Burp Suite, Metasploit, Kali Linux, Nmap, and Wireshark.
• Experience with cloud security testing, particularly in AWS, Azure, or Google Cloud.
• Ability to write and modify exploits using Python, PowerShell, Bash, or other scripting languages.
• Relevant certifications such as OSCP, CEH, GPEN, or CISSP are highly desirable.

Penetration Tester – UK Remote – £60,000 - £80,000 + Benefits

Our client, a leading UK Cyber Security Consultancy, is looking for an experienced Mobile Application Penetration Tester to join their Offensive Security function. Our client offers a range of penetration testing services, including red teaming engagements, providing opportunities to work on diverse client projects and lead engagements from the forefront.

Key Responsibilities:

• Conduct mobile application penetration testing across Android and iOS platforms, assessing security vulnerabilities.
• Engage in red teaming exercises to simulate real-world attack scenarios against enterprise applications.
• Evaluate API security, network communications, cryptographic implementations, and mobile backend security.
• Perform manual and automated exploitation, including tampering, code injection, authentication bypass, and malware analysis.
• Utilize industry-leading tools such as Burp Suite, MobSF, Frida, Objection, IDA Pro, and other mobile security frameworks.

To Be Considered for This Role:

• Proven experience in penetration testing mobile applications, focusing on Android and iOS security.
• Expertise in reverse engineering, dynamic analysis, API security testing, and mobile exploit development.
• Familiarity with OWASP Mobile Top 10 and secure coding practices for mobile platforms.
• Strong proficiency in Burp Suite, MobSF, Frida, and related mobile security tools.
• Skilled in scripting and exploit development using Python, Bash, or PowerShell.
• CHECK and CREST certifications such as OSCP, OSEP, CREST CPSA/CRT, or GIAC GMOB are highly desirable.

Penetration Tester – UK remote - £30,000 - £40,000 + Benefits + Bonus

Our client is looking for a Penetration Tester to join their established Offensive Security function. This role involves conducting and delivering high-quality security assessments across web applications, infrastructure, mobile, cloud, and networks.

Our client is looking for someone who has a wide understanding of different types of security testing, and in-depth threat-intelligence knowledge.

Main Responsibilities:

• Perform penetration tests on web applications, networks, APIs, cloud environments, and mobile platforms.
• Assist in red team exercises, social engineering assessments, and security awareness initiatives.
• Conduct vulnerability assessments, exploit security flaws, and document findings with actionable remediation steps.
• Simulate real-world attack scenarios to evaluate security weaknesses.
• Utilize and develop custom scripts, tools, and exploits to test system defences.
• Work closely with security teams to remediate identified vulnerabilities.

To be considered, you should have:

• 1+ years in a professional Penetration Testing role.
• Strong interest of OWASP Top 10, MITRE ATT&CK Framework, and common exploit techniques.
• Desire and interest to build a career in the Offensive Security space

We’re a tight-knit team of UK-based cyber security professionals delivering high-quality, consultative penetration testing to companies of all sizes, from scaling startups to established names. We focus on real risk, clear communication, and delivering value that actually helps clients stay secure.

Right now, we’re growing, and we’re looking for someone technical, capable, and collaborative to join us.

You won’t be just another tester churning through engagements. We’re not about conveyor belt consulting. We’re building a delivery team with autonomy, purpose, and pride in the craft, and this is your chance to help shape that from the ground up.

What You’ll Be Doing

• Delivering penetration testing engagements, mostly web apps, external/internal infrastructure, cloud, and social engineering/phishing
• Writing clear, client-facing reports that focus on actionable risk (not just CVSS scores)
• Working closely with the sales team to help scope projects and answer client questions
• Helping define internal testing standards, tooling, and methodology
• Contributing to continuous improvement, research, and knowledge sharing
• Helping mentor junior team members as we grow

What We’re Looking For

• OSCP + CREST CRT
• Solid hands-on experience with web and infrastructure testing
• Strong report writing and communication skills
• Familiarity with standard tooling (Burp, Nmap, custom scripts, etc.)
• Comfortable working independently in a small, fast-growing team

What We Offer

• Competitive salary based on experience
• Remote-first with flexible working hours
• Real input into delivery approach, tooling, and team direction
• Opportunity to lead, mentor, and shape the future of the technical team
• No nonsense, no red tape, just clean work and room to grow

This is a role for someone who wants more than a ticket queue.

You’ll have freedom, ownership, and a real seat at the table. Ready to make your mark?

Role: Penetration Tester

Location: London

Salary: £45k - £0k

Work Pattern: On-Site For 3 Months and Then 3 Days On-Site / 2 Days WFH

Skillset: OWASP, Cloud Platforms, SSL/TLS

Summary

An elite security consultancy has a brand new role for an experienced Penetration Tester to join their team. The role is being offered on a permanent basis from their central London office, close to major transport links.

You will be tasked with conducting security assessments of client assets in addition to ensuring the highest quality of client deliverables.

Initially, you will be working full-time onsite which will then reduce to 3 days on-site and 2 days work from home. There may also be occasional visits to client sites across the UK.

The Company

Partnered with multiple industry leaders, the company provide a range of security services from security awareness training, policies and assessments. Their goal is to empower, and provide clients with an exceptional customer experience by thinking outside the box, sharing knowledge and delivering high-quality results.

As an employee you will receive a competitive salary and have access to opportunities for professional growth and development through regular performance reviews and curated training and development plans.

The Role

The ideal candidate with have a goal-orientated mindset with strong analytical and problem-solving skills. Strong communication skills are also a must as you will be collaborating and sharing knowledge with the wider team. Your responsibilities will cover:

• Report writing and presentation of test findings
• Perform web and mobile application security assessments
• Conduct API, cloud and infrastructure pen tests
• Provide post-test support
• Assist with the development of junior team members

Essential Experience

• 3-5 Years Previous Testing Experience
• OWASP Web Applications Testing Methodology
• SSL / TLS , HTTP
• Cloud Platforms
• OSI Model

Benefits

• Annual Training and Development Plans
• Regular Performance Reviews
• Industry Events and Conferences
• Hybrid Working After Probation Period

Apply Now!

If you are an experienced Penetration Tester and you are looking to progress with an organisation alongside ambitious and driven professionals, then look no further – this is the role for you!

Referrals:

If this role isn’t right for you, do you know someone that might be interested? You could earn £1,0 of retail vouchers if you refer a successful candidate to Oscar. Email: to recommend someone for this role.

Interviews for this role will be held imminently. To be considered, please send your CV to me now to avoid disappointment.

Role: Penetration Tester

Location: London

Salary: 5k - 0k

Work Pattern: On-Site For 3 Months and Then 3 Days On-Site / 2 Days WFH

Skillset: OWASP, Cloud Platforms, SSL/TLS

Penetration Tester - Infrastructure / OT

(Consultancy | Mostly Remote | Not for Beginners)

Right. Let’s skip the fluff.

One of our consultancy clients needs an experienced Infrastructure Pen Tester. Not someone who wants to be a Pen Tester. Not someone halfway through their OSCP. Someone who's been there, and got some of the battle scars already.

They work with clients in Operational Technology (OT) - that’s industrial control systems, manufacturing kit, and the sort of environments where “turning it off and on again” could cost millions. So yeah, it’s not your average test.

The Job (in plain English):

You’ll be testing infrastructure - manually. No Web App fluff, no clicking “scan” in a tool and writing up the results. You’ll be dealing with proper kit and real-world impact. A lot of autonomy, and the expectation that you can figure things out without someone holding your hand.

What You Actually Need:

• Hands-on experience with infrastructure pen testing - and we mean proper hands-on.
• Experience in OT environments - You’ve been there, done that, ideally not blown anything up.
• Brains - Able to look at a scope, figure it out, and adapt when things inevitably go sideways.
• Coding skills - Not essential, but if you can sling some Python around, it’ll help.
• Certs - OSCE, OSCE, CTL, CTM would be nice. But if you don’t have it and you know your stuff, that’s fine too.
• Consultancy experience - Again, preferred. If you’ve worked client-side before, you’ll get the vibe.

Location:

The team’s largely remote as it stands. Occasionally, you’ll need to rock up to a client site - so don’t apply if you plan on never leaving the house.

Level:

They’re open to solid testers up to Principal level. But don’t expect a slow ramp-up - they need someone who can get stuck in from Day One.

Pay:

It’s not listed because they’re willing to flex for the right person. If you’re good, you’ll get paid accordingly. Just get in touch and we’ll have the grown-up conversation.

If this sounds like your sort of thing - or you’re tired of being micromanaged, underpaid, or stuck testing login pages - drop me a line.

No nonsense. No fluff. Just a good gig for the right tester.

Penetration Tester - £550 - £00 Per Day – London (Hybrid) – 6 Months - Financial Services

Overview:

A market leading organization operating within the Financial Services sector is searching for an experienced Penetration Tester to join one of their growing teams in London on a hybrid basis.

Role & Responsibilities:

• Support technical assessments and audits to ensure IT systems and processes adhere to standards and best practices
• Assist with report preparation and compilation
• Collaborate with IT teams to identify and remediate technical risks and vulnerabilities
• Monitor and analyse technical assurance metrics and KPIs
• Assist with recommendations for process improvements and optimisations
• Support in compliance reviews and assessments
• Engage with projects to scope assessments and provide close out feedback to the project teams
• Collaborate with the wider Security Operations teams to enable better utilisation of results.

Technical Requirements:

• Advanced with offensive tools such as: Metaspoit, Kali Linux, Cobalt Strike, Mimikatz, Burpsuite or similar tools
• Good knowledge of creating scripts in preferred scripting language
• Technical expertise in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)
• Technical expertise in security engineering, system and network security, authentication and security protocols
• Highest level of technical expertise in cybersecurity, including deep familiarity with relevant penetration and intrusion techniques and attack vectors
• Familiarity with the Open Web Application Security Project (OWASP) top 10 vulnerabilities

Rate & Duration:

• £550 00 per day
• 6 Months

Penetration Tester - 50 - 00 Per Day – London (Hybrid) – 6 Months - Financial Services

Role: Penetration Tester

Location: London

Salary: £45k - £0k

Work Pattern: On-Site For 3 Months and Then 3 Days On-Site / 2 Days WFH

Skillset: OWASP, Cloud Platforms, SSL/TLS

Summary

An elite security consultancy has a brand new role for an experienced Penetration Tester to join their team. The role is being offered on a permanent basis from their central London office, close to major transport links.

You will be tasked with conducting security assessments of client assets in addition to ensuring the highest quality of client deliverables.

Initially, you will be working full-time onsite which will then reduce to 3 days on-site and 2 days work from home. There may also be occasional visits to client sites across the UK.

The Company

Partnered with multiple industry leaders, the company provide a range of security services from security awareness training, policies and assessments. Their goal is to empower, and provide clients with an exceptional customer experience by thinking outside the box, sharing knowledge and delivering high-quality results.

As an employee you will receive a competitive salary and have access to opportunities for professional growth and development through regular performance reviews and curated training and development plans.

The Role

The ideal candidate with have a goal-orientated mindset with strong analytical and problem-solving skills. Strong communication skills are also a must as you will be collaborating and sharing knowledge with the wider team. Your responsibilities will cover:

• Report writing and presentation of test findings
• Perform web and mobile application security assessments
• Conduct API, cloud and infrastructure pen tests
• Provide post-test support
• Assist with the development of junior team members

Essential Experience

• 3-5 Years Previous Testing Experience
• OWASP Web Applications Testing Methodology
• SSL / TLS , HTTP
• Cloud Platforms
• OSI Model

Benefits

• Annual Training and Development Plans
• Regular Performance Reviews
• Industry Events and Conferences
• Hybrid Working After Probation Period

Apply Now!

If you are an experienced Penetration Tester and you are looking to progress with an organisation alongside ambitious and driven professionals, then look no further – this is the role for you!

Referrals:

If this role isn’t right for you, do you know someone that might be interested? You could earn £1,0 of retail vouchers if you refer a successful candidate to Oscar. Email: to recommend someone for this role.

Interviews for this role will be held imminently. To be considered, please send your CV to me now to avoid disappointment.

Role: Penetration Tester

Location: London

Salary: 5k - 0k

Work Pattern: On-Site For 3 Months and Then 3 Days On-Site / 2 Days WFH

Skillset: OWASP, Cloud Platforms, SSL/TLS