11 Penetration Testing jobs in the United Kingdom

Our client, a dynamic cybersecurity firm, is seeking a highly skilled Senior Information Security Analyst specializing in penetration testing. This role is essential for identifying and mitigating security vulnerabilities across various client systems and networks. This position is fully remote, offering the flexibility to conduct comprehensive security assessments from anywhere.

The ideal candidate will have a deep understanding of offensive security techniques, vulnerability assessment tools, and the ability to simulate real-world attack scenarios. You will be responsible for conducting thorough penetration tests, analyzing findings, and providing actionable recommendations to clients to enhance their security posture. A passion for cybersecurity and a commitment to ethical hacking are paramount.

Key Responsibilities:

• Plan, execute, and document penetration tests on web applications, networks, cloud environments, and mobile applications.
• Identify and exploit security vulnerabilities, assessing their potential impact and risk.
• Utilize a variety of penetration testing tools and methodologies (e.g., Metasploit, Burp Suite, Nmap).
• Conduct thorough vulnerability assessments and security audits.
• Develop detailed reports outlining identified vulnerabilities, their severity, and remediation recommendations.
• Collaborate with clients to understand their security needs and provide expert advice.
• Stay abreast of the latest threats, vulnerabilities, and security trends.
• Assist in the development and refinement of penetration testing methodologies and procedures.
• Mentor junior security analysts and contribute to team knowledge sharing.
• Ensure all testing activities comply with ethical standards and client agreements.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent practical experience.
• Minimum of 5 years of experience in penetration testing and vulnerability assessment.
• In-depth knowledge of common attack vectors, exploitation techniques, and security countermeasures.
• Proficiency with a wide range of penetration testing tools and frameworks.
• Experience in scripting languages (e.g., Python, Bash) for security automation is a plus.
• Strong understanding of networking protocols, operating systems, and web application security.
• Excellent analytical, problem-solving, and critical thinking skills.
• Exceptional written and verbal communication skills, with the ability to clearly articulate technical findings to both technical and non-technical audiences.
• Relevant security certifications such as OSCP, CEH, CISSP are highly desirable.
• Ability to work independently and manage multiple projects effectively in a remote environment.

This is an excellent opportunity for an experienced security professional to contribute their expertise to a leading cybersecurity firm. If you are based in or able to serve clients in Southampton, Hampshire, UK remotely, we encourage you to apply.

Our client, a leading financial services organization, is seeking a highly skilled Senior Information Security Analyst specializing in Penetration Testing to join their dynamic security team, based in Sheffield, South Yorkshire, UK . This critical role involves proactively identifying and mitigating security vulnerabilities across the organization's network infrastructure, applications, and systems. The Senior Analyst will plan, execute, and report on penetration tests, vulnerability assessments, and security audits using a variety of industry-standard tools and methodologies. You will be responsible for simulating attacks, analyzing their potential impact, and providing detailed, actionable recommendations for remediation to technical teams and management. The ideal candidate will possess deep technical expertise in cybersecurity, a strong understanding of ethical hacking principles, and a proven ability to think like an attacker. This position requires excellent analytical, problem-solving, and communication skills, with the ability to clearly articulate complex security findings to both technical and non-technical audiences. While the primary work location is Sheffield, this role offers a degree of flexibility, allowing for some remote work to support work-life balance.

Key Responsibilities:

• Plan, conduct, and report on network, application, and system penetration tests.
• Perform vulnerability assessments and security audits to identify weaknesses.
• Simulate real-world attack scenarios to evaluate the effectiveness of security controls.
• Analyze test results and provide detailed, actionable recommendations for remediation.
• Develop and maintain security testing methodologies and playbooks.
• Stay current with the latest threats, vulnerabilities, and attack techniques.
• Collaborate with IT and development teams to ensure security vulnerabilities are addressed promptly.
• Assist in the development and implementation of security policies and procedures.
• Mentor junior security analysts and contribute to team knowledge sharing.
• Participate in incident response activities when necessary.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• Minimum of 5 years of experience in information security, with a strong focus on penetration testing and vulnerability assessment.
• In-depth knowledge of network protocols, operating systems (Windows, Linux), and common attack vectors.
• Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Wireshark, etc.
• Experience with scripting languages (e.g., Python, Bash) for automation is highly desirable.
• Relevant security certifications such as OSCP, CISSP, CEH, GIAC (GPEN, GWAPT) are a plus.
• Excellent analytical, problem-solving, and critical-thinking skills.
• Strong written and verbal communication skills, with the ability to produce clear and concise reports.
• Ability to work independently and manage multiple projects simultaneously.

This is a challenging and rewarding opportunity to play a vital role in protecting the organization's digital assets and contributing to its overall security posture.

Our client, a leader in providing secure digital solutions, is seeking a highly skilled Senior Information Security Analyst specializing in Penetration Testing to join their team in **Plymouth, Devon, UK**. This hybrid role is critical for identifying and mitigating security vulnerabilities across the organisation's IT infrastructure and applications.

You will be responsible for conducting comprehensive penetration tests, vulnerability assessments, and security audits using a variety of tools and methodologies. Your role will involve simulating cyber-attacks to uncover weaknesses in systems, networks, and applications, and providing detailed reports with actionable recommendations for remediation. You will collaborate closely with IT and development teams to implement security enhancements and ensure compliance with industry best practices and regulatory requirements. The successful candidate will have a deep understanding of common attack vectors, security frameworks (e.g., OWASP, NIST), and exploit development. Experience with scripting languages (e.g., Python, Bash) for automating security tasks is highly desirable. You will also be involved in developing security policies and procedures, and contributing to incident response planning.

The ideal candidate will possess a Bachelor's degree in Computer Science, Cybersecurity, or a related field, with a minimum of 5 years of experience in information security, specifically in penetration testing and vulnerability management. Professional certifications such as OSCP, CEH, CISSP, or equivalent are strongly preferred. You must have a strong ethical hacking mindset, excellent analytical and problem-solving skills, and the ability to clearly communicate complex technical findings to both technical and non-technical audiences. Experience with various operating systems, network protocols, and security tools is essential. This is an exciting opportunity to contribute to the security posture of a growing organisation in **Plymouth**, protecting critical digital assets and ensuring the integrity of sensitive data. Our client offers a dynamic work environment, opportunities for professional development, and competitive compensation.

Our client is seeking a highly skilled and experienced Senior Information Security Analyst with a specialisation in Penetration Testing to join their dynamic security team in **Sheffield, South Yorkshire, UK**. This role is crucial for proactively identifying vulnerabilities and ensuring the security posture of our organisation's systems, networks, and applications. You will be responsible for conducting thorough penetration tests, analysing findings, and providing actionable recommendations to mitigate risks. The ideal candidate will possess a deep understanding of offensive security techniques and a passion for staying ahead of emerging threats.

Key Responsibilities:

• Conduct comprehensive penetration tests on networks, web applications, mobile applications, and cloud environments.
• Perform vulnerability assessments and analyse security weaknesses using a variety of tools and methodologies.
• Develop and execute custom scripts and tools to aid in penetration testing activities.
• Document test methodologies, findings, and recommendations clearly and concisely.
• Present test results and remediation strategies to technical teams and management.
• Stay up-to-date with the latest penetration testing techniques, tools, and security vulnerabilities.
• Assist in the development and maintenance of security testing policies and procedures.
• Collaborate with incident response teams to understand attack vectors and improve defences.
• Mentor junior security analysts and provide technical guidance.
• Participate in security architecture reviews and provide input on secure design principles.
• Research and stay informed about emerging threats and attack vectors relevant to the industry.
• Contribute to the continuous improvement of the security testing program.
• Maintain an up-to-date understanding of regulatory compliance requirements impacting security testing.
• Build and maintain lab environments for security testing.

Qualifications and Skills:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience.
• 5+ years of experience in information security, with a strong focus on penetration testing and vulnerability assessment.
• Demonstrated expertise in various penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Nmap, Kali Linux).
• Proficiency in at least one scripting or programming language (e.g., Python, Bash, PowerShell).
• Strong understanding of network protocols, operating systems, and web application security.
• Experience with cloud security testing (AWS, Azure, GCP) is a significant advantage.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong written and verbal communication skills, with the ability to explain complex technical issues to various audiences.
• Relevant security certifications such as OSCP, CEH, CISSP, or GIAC certifications are highly desirable.
• Ability to work effectively both independently and as part of a team.

This hybrid role requires regular presence at our **Sheffield, South Yorkshire, UK** office for collaborative tasks and team meetings, with the flexibility for remote work on other days. You will be part of a committed team dedicated to maintaining a secure digital environment.

Our client is seeking a highly skilled Senior Information Security Analyst with a specialization in Penetration Testing. This role is fully remote, allowing you to contribute to a robust cybersecurity posture from anywhere in the UK. You will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and providing expert recommendations to mitigate risks across the organization's IT infrastructure. This includes performing penetration tests, vulnerability scans, and security audits to ensure the confidentiality, integrity, and availability of sensitive data. You will work closely with IT and development teams to implement security controls and enhance the overall security resilience.

Key responsibilities include:

• Planning, executing, and reporting on penetration tests of networks, applications, and systems.
• Identifying and analyzing security vulnerabilities and weaknesses.
• Developing detailed remediation plans and providing expert guidance to technical teams.
• Conducting vulnerability assessments and security configuration reviews.
• Researching and staying current with the latest security threats, vulnerabilities, and attack vectors.
• Developing and maintaining security testing tools and methodologies.
• Collaborating with IT and development teams to implement security best practices.
• Participating in incident response activities as needed.
• Contributing to the development and enhancement of the organization's security policies and procedures.
• Mentoring junior security analysts and sharing knowledge within the team.

The ideal candidate will have extensive experience in penetration testing and ethical hacking, with a strong understanding of cybersecurity principles and frameworks. Proven expertise in various testing tools and techniques (e.g., Metasploit, Burp Suite, Nmap) is essential. Excellent analytical, problem-solving, and reporting skills are required. Professional certifications such as OSCP, CEH, CISSP, or equivalent are highly desirable. Strong communication and collaboration skills are necessary for effective interaction with technical and non-technical stakeholders. This is a remote-first position, requiring excellent self-management, autonomy, and the ability to work effectively within a distributed team. Your expertise will be crucial in safeguarding our client's digital assets.

Description
Amazon's Penetration Testing organization is growing and is seeking a Penetration Testing Manager to help keep Amazon secure for its customers. In this role, you will be responsible for leading a team of highly skilled penetration testers to assess Amazon's services, applications, and websites. This role will provide you with challenging leadership and technical opportunities, and if hacking Amazon sounds exciting to you, will also be a lot of fun.
You will be in direct contact with teams in a variety of business verticals, giving you first hand knowledge about how Amazon is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Amazon to find new ways to drive improvements to services, processes, and technologies throughout the company, with the ultimate goal of ensuring the continued safety and security of our customers.
You will be focused on using your leadership and technical skills to continually lead the direction and evolution of the team and orchestrate penetration testing engagements in order to maintain and raise Amazon's high security bar. Additionally, you'll be driving strategic initiatives from your team by influencing key stakeholders and partnering with teams throughout Amazon to enable the implementation of innovative security solutions and controls to improve Amazon's security and software development posture. You'll be backed up by a team of highly skilled security engineers focused on attacking Amazon from a variety of perspectives, all working with a singular focus on maintaining our customer's trust. You must also demonstrate resilience and navigate ambiguous situations with composure and tact. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its Customers secure.
Key job responsibilities
- Lead, manage, and develop a high performing technical Penetration Testing Team distributed across multiple locations
- Lead the strategic direction and evolution of the Penetration Testing Team, including setting goals and establishing priorities
- Drive strategic initiatives by influencing leadership, key stakeholders, and partnering with teams throughout Amazon
- Lead effective teamwork, communication, collaboration and commitment across multiple disparate groups with competing priorities
- Lead improvements to internal program and process
- Write and deliver high-quality documents for technical and non-technical audiences
About the team
About Amazon Security
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Basic Qualifications
- Experience in managing and developing teams
- Experience as a mentor, tech lead or leading an engineering team, or experience managing teams
- Experience driving security programs across large diverse organizations
- Experience communicating across technical and non-technical audiences, including executive level stakeholders or clients
- 5+ years of experience in Information Security related domains, with knowledge of security fundamentals, application vulnerabilities, application attack vectors, penetration testing methodologies, and tools
Preferred Qualifications
- Experience leading across multiple locales
- Experience dealing well with ambiguity, prioritizing needs, and delivering measurable results in an agile environment
- Experience communicating technical details verbally and in writing
- Ability to handle multiple competing priorities in a fast-paced, deadline-driven environment
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Our client, a leading cybersecurity firm committed to protecting digital assets, is seeking a highly skilled Senior Information Security Analyst with a specialization in Penetration Testing to join their elite team on a fully remote basis. This role is critical in identifying vulnerabilities and strengthening the security posture of our diverse client base.

The successful candidate will conduct in-depth penetration tests, vulnerability assessments, and security audits across various networks, applications, and systems. You will be responsible for simulating real-world attacks to uncover weaknesses before malicious actors can exploit them. This position demands a proactive mindset, exceptional technical acumen, and a deep understanding of threat landscapes.

Key Responsibilities:

• Plan, execute, and report on comprehensive penetration tests and vulnerability assessments for external and internal networks, web applications, mobile applications, and cloud environments.
• Utilize a wide range of security tools and methodologies (e.g., Metasploit, Burp Suite, Nmap, Wireshark) to identify security flaws.
• Perform manual testing to uncover complex vulnerabilities that automated tools may miss.
• Analyze findings, provide detailed technical explanations, and develop practical, actionable remediation recommendations.
• Develop clear, concise, and professional security assessment reports for technical and non-technical stakeholders.
• Stay current with the latest security threats, vulnerabilities, attack vectors, and penetration testing techniques.
• Mentor and guide junior security analysts, fostering their professional development.
• Collaborate with client security teams to facilitate the remediation process.
• Contribute to the development and refinement of the company's penetration testing methodologies and services.
• Maintain ethical conduct and confidentiality throughout all engagements.

Essential Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent practical experience.
• A minimum of 5 years of experience specifically in penetration testing and vulnerability assessment.
• Proven experience with common security testing tools and frameworks.
• Strong understanding of networking protocols, operating systems (Windows, Linux), web application security, and cloud security concepts.
• Demonstrable experience in identifying and exploiting common vulnerabilities (e.g., OWASP Top 10).
• Excellent analytical, problem-solving, and critical thinking skills.
• Superb written and verbal communication skills, with the ability to effectively document and present technical findings.
• Relevant industry certifications such as OSCP, CEH, CISSP, GPEN, or GWAPT are highly desirable.
• Ability to work autonomously and manage time effectively in a remote work environment.

This is a remote opportunity offering the flexibility to work from anywhere while contributing to critical cybersecurity initiatives.

Our client is seeking a highly skilled and experienced Senior Penetration Tester to join their established Information Security team. This role is based in **Nottingham, Nottinghamshire, UK**, and operates on a hybrid model, offering a blend of office-based and remote work. You will be responsible for conducting in-depth security assessments of client systems, networks, and applications to identify vulnerabilities and provide actionable recommendations for remediation. This involves simulating real-world cyber-attacks to test the effectiveness of security controls and identify potential weaknesses before malicious actors can exploit them. The ideal candidate will possess a deep understanding of offensive security techniques, network protocols, and common attack vectors. You will be expected to produce detailed reports of your findings, communicate technical risks clearly to both technical and non-technical stakeholders, and advise clients on improving their overall security posture. Certifications such as OSCP, CEH, or CISSP are highly desirable.

Key Responsibilities:

• Plan and execute penetration tests on web applications, mobile applications, networks, and infrastructure.
• Identify security vulnerabilities and weaknesses using a variety of manual and automated tools.
• Simulate advanced persistent threats (APTs) and other sophisticated attack scenarios.
• Document findings thoroughly in comprehensive penetration test reports, including detailed descriptions of vulnerabilities and actionable remediation steps.
• Present findings and recommendations to clients, including technical teams and senior management.
• Provide expert advice on security best practices and strategies to enhance client security posture.
• Stay current with the latest threat landscape, attack techniques, and security technologies.
• Develop custom tools and scripts to aid in the penetration testing process.
• Collaborate with internal security teams to improve testing methodologies and processes.
• Mentor junior penetration testers and share knowledge within the team.

Qualifications and Skills:

• Minimum of 5 years of experience in penetration testing and ethical hacking.
• Proven ability to conduct comprehensive security assessments across diverse environments.
• In-depth knowledge of common vulnerabilities (e.g., OWASP Top 10) and exploitation techniques.
• Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Nessus, etc.
• Strong understanding of network protocols, operating systems (Windows, Linux), and security infrastructure.
• Excellent written and verbal communication skills, with the ability to articulate complex technical information clearly.
• Relevant security certifications (e.g., OSCP, CEH, CISSP) are highly preferred.
• Experience in scripting languages (e.g., Python, Bash) is a strong asset.
• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.

Our client is a leading cybersecurity firm seeking a highly skilled Senior Penetration Tester to bolster its offensive security team. This is a critical role focused on identifying vulnerabilities and weaknesses in client systems through simulated cyberattacks. The ideal candidate will possess a deep understanding of security principles and a passion for ethical hacking. This role is fully remote, allowing you to contribute to global security initiatives from your home office.

Responsibilities:

• Conduct comprehensive penetration tests against web applications, networks, cloud environments, and mobile applications.
• Identify, exploit, and document security vulnerabilities using a variety of tools and techniques.
• Perform vulnerability assessments and provide detailed reports on findings, including risk analysis and remediation recommendations.
• Develop and maintain testing methodologies and procedures.
• Collaborate with development and IT teams to ensure timely remediation of identified vulnerabilities.
• Stay abreast of the latest threats, vulnerabilities, and penetration testing techniques.
• Communicate complex technical findings clearly and concisely to both technical and non-technical audiences.
• Contribute to the development of security tools and scripts.
• Mentor junior members of the security team.
• Assist in incident response activities when necessary.
• Ensure compliance with industry standards and best practices.

Qualifications:

• Minimum 5 years of experience in penetration testing or ethical hacking.
• Strong understanding of network protocols, operating systems, and web application security.
• Proficiency with various penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Wireshark).
• Experience with scripting languages (e.g., Python, PowerShell) is highly desirable.
• Relevant security certifications such as OSCP, CEH, CISSP, or GIAC.
• Excellent analytical and problem-solving skills.
• Strong written and verbal communication skills.
• Ability to work independently and as part of a remote team.
• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.

This position is ideal for a seasoned security professional looking to make a significant impact in the cybersecurity landscape from Edinburgh, Scotland, UK , or anywhere remotely within the UK. If you thrive on challenging security puzzles and possess a proactive security mindset, we want to hear from you.