Job Specifications
Overview
We are supporting the growth of a number of cyber security consultancies in the UK delivering high-assurance penetration testing services across government, defence, and commercial sectors. As part of this expansion, multiple opportunities are available for experienced Penetration Testers operating within the CHECK scheme.
These positions are suited to professionals working at CHECK Team Member (CTM) or CHECK Team Leader (CTL) level, particularly individuals with a strong background in Web Application security testing.
The roles involve delivering technical testing engagements, supporting the planning and scoping of assessments, and producing clear, high-quality reports for clients operating within highly regulated environments.
Due to the nature of the work, active UK SC Security Clearance is required, and these roles are only open to sole British nationals.
Key Responsibilities
• Deliver CHECK-accredited penetration testing engagements, with a particular focus on web application security testing.
• Conduct technical assessments across a variety of environments including web applications, APIs, infrastructure, cloud platforms, and Active Directory.
• Support the scoping and planning of security assessments, working alongside internal teams and client stakeholders to define engagement objectives.
• Where operating at CTL level, lead testing engagements and coordinate delivery across multiple assignments.
• Produce clear and comprehensive technical reports, outlining identified vulnerabilities, exploitation techniques, and remediation recommendations.
• Contribute to internal quality assurance and peer review processes to ensure consistent delivery standards.
• Maintain up-to-date awareness of emerging threats, vulnerabilities, and developments within the web application and broader cyber security landscape.
• Support the evolution of internal testing methodologies, tooling, and technical capability.
• Provide guidance and support to junior consultants and developing team members where appropriate.
• Engage with clients during engagements to communicate findings and provide practical remediation advice.
Technical Focus Areas
Candidates should demonstrate experience across several of the following areas:
• Web application penetration testing aligned with OWASP methodologies
• Authentication and access control testing
• API security testing
• Manual testing techniques including business logic assessments
• Infrastructure and network security testing
• Active Directory security assessments
• Cloud security testing within environments such as AWS, Azure, or Google Cloud Platform (GCP)
• Experience using tools such as Burp Suite, Nmap, Metasploit, and similar security testing frameworks
Qualifications and Experience
• CHECK Team Member (CTM) or CHECK Team Leader (CTL) certification, or equivalent demonstrable experience.
• Current holder of, or eligible to obtain, UK Security Clearance (SC).
• Strong understanding of web technologies, application architectures, and networking fundamentals.
• Practical experience working with Linux and Windows environments.
• Familiarity with recognised frameworks including the OWASP Testing Guide and OWASP Top 10.
• Knowledge of cloud platforms, including Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).
• Experience with scripting or development languages, such as Python, Bash, or JavaScript.
• Understanding of cyber security standards including ISO 27001, CIS Controls, and PCI DSS.
• Ability to analyse technical findings and clearly communicate outcomes to clients through structured reporting.
• Strong analytical, communication, and troubleshooting skills.
What We Are Looking For
Successful candidates will demonstrate:
• Strong technical curiosity and interest in security research
• The ability to work independently as well as collaboratively within testing teams
• Confidence engaging with technical and non-technical stakeholders
• A commitment to continual professional development within cyber security
About the Company
CSP: Your Global Partner in Cybersecurity Talent Acquisition
Our mission is to connect leading organizations with top-tier professionals who are not just skilled but are true pioneers in their field. We go beyond keyword matching, taking a deeper approach to recruitment:
• Our Distinctive Edge: What sets CSP apart is our unique combination of cybersecurity qualifications and extensive experience in talent acquisition; for instance, all our consultants are BCS-CISMP certified. We don’t just understand the language of cybers...