64 Penetration Testers jobs in the United Kingdom

Our client is searching for a skilled Penetration Tester to enhance their information security posture, based in or near Oxford, Oxfordshire, UK . This role is fundamental in proactively identifying and exploiting security weaknesses in our systems, applications, and networks before malicious actors can. You will conduct various types of penetration tests, including network, web application, and mobile application testing, as well as social engineering exercises. The goal is to provide actionable recommendations for improving our security defenses.

Key responsibilities include:

• Performing comprehensive network, application, and infrastructure penetration tests.
• Identifying and documenting security vulnerabilities, misconfigurations, and potential attack vectors.
• Developing clear and concise technical reports detailing findings and remediation recommendations.
• Collaborating with development and operations teams to implement security fixes.
• Staying updated on the latest penetration testing methodologies, tools, and industry threats.
• Conducting security research to discover new vulnerabilities and attack techniques.
• Participating in red teaming exercises.
• Providing expertise and guidance on security best practices.

The ideal candidate will have a deep understanding of offensive security techniques, a strong command of common penetration testing tools (e.g., Metasploit, Burp Suite, Nmap), and scripting skills (e.g., Python, Bash). Relevant certifications such as OSCP, CEH, or GIAC are highly valued. Excellent written and verbal communication skills are required to effectively convey technical findings. This position is offered with a flexible remote work arrangement, allowing for a blend of office and home-based work.

Our client is seeking a highly skilled and ethical Penetration Tester to bolster their Information Security team. This is a fully remote, permanent position, offering the flexibility to work from anywhere in the UK. The Penetration Tester will be responsible for identifying and exploiting security vulnerabilities in our client's systems, applications, and networks to assess their security posture and provide actionable recommendations for improvement. You will conduct comprehensive security assessments, including network penetration testing, web application testing, and social engineering assessments. Key responsibilities include planning and executing penetration tests, documenting findings and creating detailed reports for technical and non-technical audiences, developing proof-of-concept exploits, and collaborating with development and IT teams to remediate vulnerabilities. The ideal candidate will have a deep understanding of common attack vectors, security principles, and exploitation techniques. Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, and Kali Linux is essential. Experience with scripting languages (e.g., Python, Bash) is highly advantageous. Relevant certifications such as OSCP, CEH, GPEN, or LPT are strongly preferred. Excellent analytical, problem-solving, and report-writing skills are paramount. You should be a motivated, self-starter who can work independently and manage multiple testing engagements effectively. If you are passionate about offensive security and eager to make a significant contribution to strengthening our client's defenses, we encourage you to apply for this exciting remote opportunity.

**The team you'll be working with:**
**Consultant - Offensive Security Testing**
**Role Overview:**
We are seeking a highly skilled and experienced Offensive Security Consultant with a strong focus understanding on threat intelligence and attack methods. The ideal candidate will be responsible for managing and conducting advanced penetration testing engagements, leveraging threat intelligence to simulate real-world attacks across a variety of environments, including OT, IT, web applications, cloud infrastructure, and APIs. This role requires a deep understanding of adversarial approaches, excellent communication skills, and the ability to provide strategic and actionable recommendations to significantly enhance our clients' security posture.
**What you'll be doing:**
**What you'll be doing:**
**Responsibilities:**
+ Lead and manage the full lifecycle of complex penetration testing engagements, applying a strong threat intelligence-led approach.
+ Execute advanced penetration tests across a broad range of environments (applications, infrastructure, web, APIs, O365, Azure, AWS, OT), directly applying your knowledge of current threat landscapes and attacker TTPs.
+ Develop and maintain sophisticated test plans, execution plans, and targeted use cases directly informed by in-depth threat intelligence analysis.
+ Identify and prioritize OT and IT assets, services, and systems based on their criticality and potential exposure to identified threats.
+ Strategically prioritize, plan, and schedule penetration testing engagements based on comprehensive threat assessments and client-specific requirements.
+ Produce high-quality, detailed reports that clearly articulate technical findings, potential business impact, and strategic, actionable remediation recommendations for both technical and non-technical stakeholders.
+ Clearly and effectively communicate complex security concepts, adversarial tactics, and critical threat intelligence insights to diverse audiences.
+ Collaborate closely with client IT and cybersecurity teams to drive the enhancement of security protocols and ensure effective, threat-informed remediation of identified vulnerabilities.
+ Track the progress of remediation efforts and provide regular, concise updates to stakeholders, highlighting the reduction of identified threats.
+ Conduct proactive security research and contribute to the creation of technical content on emerging threats, advanced attack techniques, and threat intelligence-led testing methodologies.
+ Contribute to strengthening security monitoring (blue team) capabilities by providing valuable insights into offensive techniques and adversarial behaviors to enhance detection and response effectiveness.
+ Drive the patching regime for identified vulnerabilities, prioritizing remediation efforts based on threat intelligence and the potential for exploitation by advanced threat actors.
**What experience you'll bring:**
**What you'll bring:**
**Skills and Qualifications:**
+ Minimum of 5 years of demonstrable professional experience in penetration testing, with a strong emphasis on understanding, emulating, and leveraging adversarial tactics and threat intelligence.
+ Comprehensive understanding of OT and IT asset profiles, technologies, and security best practice principles, with a proven ability to contextualize them within the current threat landscape.
+ In-depth knowledge of network protocols, cryptography, security vulnerabilities, and common attack vectors employed by sophisticated threat actors.
+ Demonstrated proficiency in utilizing a wide range of penetration testing tools and methodologies, including those specifically used for threat intelligence analysis and application.
+ Proven experience in scoping and executing complex penetration tests, particularly those directly informed and driven by threat intelligence.
+ Exceptional written and verbal communication skills, with the ability to articulate complex technical findings and nuanced threat intelligence insights clearly and concisely to diverse audiences.
+ Strong organizational and time management skills, with a proven ability to effectively manage and prioritize multiple concurrent engagements.
+ Current CREST CRT certification or higher is essential.
+ Must hold or be eligible for SC Clearance.
**Desirable Skills:**
+ Experience with Breach Attack Simulation tools and methodologies.
+ Experience in Vulnerability Management processes and integrating threat intelligence.
+ Understanding of Risk Management frameworks and how threat intelligence informs risk assessments.
+ Hands-on experience with security reviews of AWS, Azure, and GCP environments, incorporating cloud-specific threats.
+ Experience with ISO 27001 auditing/implementation, understanding the role of threat intelligence in compliance.
+ Other advanced cybersecurity certifications such as CISM, CISSP, ECSA, CREST CCT.
**Who we are:**
We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.
Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.
For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA ( we'll offer you:**
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.
You can find more information about NTT DATA UK & Ireland here: are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.
**Closing Date:**
31/07/2025
Back to search Email to a friend Apply now

Our client, a rapidly growing cybersecurity consultancy, is seeking a highly skilled Senior Penetration Tester to join their remote-first team. This exciting role offers the opportunity to conduct comprehensive security assessments, identify vulnerabilities, and provide actionable recommendations to a diverse client base across various industries. You will be responsible for performing network, web application, and mobile application penetration tests, as well as social engineering assessments and physical security testing. Key responsibilities include planning and executing penetration tests, developing detailed reports of findings and remediation strategies, and presenting results to clients. The ideal candidate will have extensive experience in ethical hacking, vulnerability assessment, and exploitation techniques. Proficiency in a variety of security tools and scripting languages (e.g., Metasploit, Burp Suite, Python, PowerShell) is essential. A strong understanding of common security vulnerabilities (OWASP Top 10, SANS Top 25) and network protocols is required. This position demands a proactive, creative, and analytical mindset, coupled with excellent communication skills to articulate complex technical issues effectively. You will play a critical role in enhancing the security posture of our clients and contributing to the firm's reputation for excellence. Relevant certifications such as OSCP, CEH, or CISSP are highly desirable. Join a dedicated team of cybersecurity professionals committed to staying ahead of emerging threats.

Our client is searching for a highly skilled and experienced Lead Penetration Tester to spearhead their offensive security initiatives. This role is entirely remote, offering significant autonomy and the chance to work with cutting-edge technologies from anywhere in the UK.

Responsibilities:

• Plan, execute, and report on comprehensive penetration tests against web applications, networks, cloud environments, and mobile applications.
• Lead and mentor a team of junior penetration testers, providing guidance and technical expertise.
• Develop and refine penetration testing methodologies and toolsets.
• Identify, exploit, and document vulnerabilities, providing actionable recommendations for remediation.
• Communicate findings and recommendations effectively to both technical and non-technical stakeholders.
• Stay current with the latest hacking techniques, tools, and trends in the cybersecurity landscape.
• Develop custom scripts and tools to automate security testing processes.
• Perform security architecture reviews and provide input on secure design principles.
• Contribute to the development and improvement of the company's overall security posture.
• Manage client relationships and project timelines for penetration testing engagements.
• Conduct red team exercises to simulate advanced persistent threats.

Qualifications:

• Proven experience (5+ years) in professional penetration testing and offensive security.
• Demonstrated expertise in various penetration testing domains (web, network, cloud, mobile).
• Strong understanding of exploitation techniques, CND, and risk assessment frameworks.
• Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Nessus, and Cobalt Strike.
• Experience in scripting languages (e.g., Python, PowerShell) for automation and tool development.
• Excellent written and verbal communication skills, with the ability to produce high-quality technical reports.
• Relevant certifications like OSCP, GPEN, CEH, or CISSP are highly valued.
• Ability to work independently, manage multiple projects simultaneously, and meet deadlines in a remote setting.
• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• Leadership experience or demonstrated ability to mentor junior team members.

This is an exceptional opportunity for a seasoned security professional to take on a leadership role in a fully remote capacity, making a significant impact on our client's security strategy.

Our client is seeking a talented Senior Penetration Tester to bolster their cybersecurity team in **Liverpool, Merseyside, UK**. This critical role involves identifying vulnerabilities and security weaknesses in client systems and applications through ethical hacking methodologies. You will be responsible for planning, executing, and reporting on various types of penetration tests, including network, web application, API, and mobile application testing. The successful candidate will possess a deep understanding of common attack vectors, exploitation techniques, and defence mechanisms. Key responsibilities include:

• Performing comprehensive network penetration tests, both internal and external.
• Conducting thorough web application security assessments, including OWASP Top 10 vulnerabilities.
• Executing API and mobile application penetration testing.
• Identifying, analysing, and documenting security vulnerabilities with detailed evidence.
• Developing clear and actionable remediation recommendations for identified risks.
• Writing high-quality technical reports for both technical and non-technical audiences.
• Advising clients on security best practices and emerging threats.
• Staying current with the latest penetration testing tools, techniques, and threat landscapes.
• Participating in red teaming exercises and simulated attacks.
• Mentoring junior security analysts and sharing knowledge within the team.

The ideal candidate will have a Bachelor's degree in Computer Science, Cybersecurity, or a related field, coupled with at least 5 years of hands-on experience in penetration testing. Industry certifications such as OSCP, CEH, CISSP, or GWAPT are highly desirable. Proficiency in scripting languages (e.g., Python, Bash) and experience with common penetration testing tools (e.g., Metasploit, Burp Suite, Nmap) are essential. Strong analytical, problem-solving, and communication skills are also required. This is an excellent opportunity to join a leading cybersecurity firm and contribute to protecting organisations from sophisticated cyber threats.

Our client is seeking a highly skilled Senior Penetration Tester to join their esteemed Information Security team. This role is based in the historic city of **Oxford, Oxfordshire, UK**, and offers a chance to work on challenging security assessments.

You will be responsible for conducting comprehensive security testing of various systems, applications, and networks to identify vulnerabilities and provide actionable remediation strategies. This role requires a deep understanding of security principles, attack vectors, and defensive measures.

Key Responsibilities:

• Perform external and internal penetration tests, web application security assessments, mobile application testing, and network vulnerability assessments.
• Identify, exploit, and document security vulnerabilities.
• Develop detailed reports outlining findings, risks, and recommendations for remediation.
• Conduct social engineering exercises and phishing campaigns.
• Assist in the development and maintenance of security testing tools and frameworks.
• Collaborate with development and IT teams to ensure security best practices are implemented.
• Stay current with the latest threats, vulnerabilities, and penetration testing techniques.
• Provide expert advice on security best practices and risk mitigation.
• Mentor junior security analysts.
• Participate in security awareness training initiatives.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• Minimum of 5 years of experience in penetration testing and vulnerability assessment.
• Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Wireshark, and Kali Linux.
• Strong understanding of networking protocols, operating systems, and web application security.
• Experience with scripting languages (e.g., Python, Bash).
• Excellent analytical and problem-solving skills.
• Strong report writing and communication skills.
• Relevant security certifications such as OSCP, CEH, CISSP are highly desirable.
• Ability to work independently and manage project timelines effectively.
• Experience with cloud security testing is a plus.

This role is based in **Oxford**, offering a stimulating work environment within a leading organization dedicated to robust information security. The opportunity for hybrid working means you can balance your time between our office and remote settings.