For the best user experience please upgrade your browser

Careers at Pen Test Partners

We’re only as good as the people in our team, so we’re always looking for great people. Maybe that’s you?

PTP is acutely aware of the lack of diversity in our industry, and are keen to address that.

We are an equal opportunities employer, welcoming applications from people from all walks of life.

It’s very simple, if you have the skills and experience we’d love to talk with you.

Our vision and values

We have a vision statement and values which we strive to live by. Please take the time to read and absorb them. They’re important to us.

What you can expect from us

  • Competitive salary based on experience
  • 25 days holiday + 8 bank holidays
  • Private Medical Insurance and Healthcare Benefit on completion of probation
  • Group personal pension
  • Time and resource for research / pet projects / blogging
  • Financing available for training and conference attendance
  • EV lease salary sacrifice scheme on completion of probation
  • An environment where you can flourish, learn, and grow, as a person not just as an employee

PTP works with clients globally providing cyber security consultancy and testing services. We work in the most cutting-edge industries, including automotive, aviation, and maritime.

Roles:

All roles are UK based.

How to apply

Send your CV with a covering email to:

By submitting your CV you are confirming you have read and understood our privacy policy and authorise us to keep your CV on file for 6 months in case future job opportunities arise.

Back To Roles▲

Security Consultant

We are seeking an enthusiastic security consultant, who is eager to learn to join our team.  Working alongside some of the best hacking minds in the country, you’ll be delivering pen testing services to clients across all sectors.

You will need:

  • A minimum of 2 years experience delivering pen test services
  • To be proficient in infrastructure and web application testing, experience in API testing is desirable
  • Hold or previously held an industry recognised certification (this can be at any level from OSCP to CTL equivalent)

You will be:

  • Reporting into a managing security consultant where you will be delivering pen testing services, from presales through to delivery and debriefs
  • Assisting on scoping and QA
  • Contributing towards research projects and our internal knowledge sharing hubs

Our consultants aren’t just limited to working on web and infrastructure engagements. You’ll have the opportunity to get involved in some more of our niche areas and who knows, you might even find yourself hacking a ship one day.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to Internal workshops, training platforms including A cloud Guru, HTB, TryHackMe, and many more resources
  • Paid training & exams
  • Access to our blog bounty programme

You’ll be working from home, though some onsite travel to client sites (including international) may be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

Back To Roles▲

Hardware Security Consultant

We are seeking a hardware security consultant, who is eager to learn, to join our team.  Working alongside some of the best hacking minds in the country you’ll be delivering a mixture of hardware and pen testing services to clients across all sectors.

You will need:

  • Strong skills in web application, API and mobile testing
  • Excellent ability to learn new technologies, systems, and languages
  • A keen interest in embedded systems and hardware
  • Demonstrated hardware security skills either in professional or hobbyist sphere
  • Strong network protocol analysis using tools such as Wireshark
  • An understanding of reverse engineering, experience using tools such as IDA and Ghidra, with particular focus on ARM architecture

Desirable:

  • Ability to code in various languages, particularly C and Python
  • An understanding of cryptography and common mistakes made
  • Experience of working with a variety of SoC and microprocessors

You will be:

  • Reporting into the head of hardware delivering hardware and pen testing services, from presales through to delivery and debrief
  • Assisting on scoping and QA
  • Contributing towards research and our internal knowledge sharing hubs
  • Helping to upskill others into the hardware team

Here are some examples of the services you may provide to clients:

  • Penetration testing of a cloud-connected consumer IoT system including the device, messaging platforms, infrastructure, and mobile application
  • Producing a threat model for a complex system such as a crypto wallet, aiming to uncover inherent outstanding risks in the design and implementation
  • Reviewing custom cryptographic systems to identify common issues such as hardcoded keys, use of insecure block modes, unauthenticated encryption, and use of deprecated algorithms
  • Testing routers and other networking equipment before they are deployed across Critical National Infrastructure, to ensure that they are suitably protected from physical attack and contain no secrets that can impact the wider system
  • Working with the ICS team to perform lab-based testing of complex control systems used in Critical National Infrastructure, allowing more aggressive and invasive techniques to be used than in traditional ICS environments
  • Reverse engineering the protocol used in a legacy specialised machine tool to allow it to be serviceable long into the future
  • Attempting to bypass a custom digital rights management system to provide assurance that their product is adequately secure
  • Testing network segmentation and infrastructure on a variety of ships, including cruise ships and oil rigs

We recognise that the tasks carried out by members of the hardware team are varied and challenging and we do not expect any member of the team to know everything. We operate as a team, providing advice, guidance and mentoring to each other.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to Internal workshops, A cloud Guru, HTB, TryHackMe and many more resources
  • Paid training & exams

Back To Roles▲

Information Security Officer

Hybrid (Home and Office). Pen Test Partners / PTP, Verney Junction Business Park, Buckingham MK18 2LB. Flexible working options available.

Reporting to Head of IT.

Pen Test Partners works with clients globally providing cyber security consultancy and testing services. We work with the most cutting-edge industries, including Automotive, Aerospace, and Maritime.

With over 120 employees across pen testing, consultancy, digital forensics, sales and support functions, we pride ourselves in working on cool research, delivering exceptional work for our customers, helping the greater good of cyber security, enabling people to sleep better at night.

The IT team at PTP are expanding and have created a new role to complement the current team. The role of Information Security Officer will be working in close collaboration with the IT team and numerous internal and external stakeholders. This role will contribute to all aspects of information security at PTP including the development, maintenance, and monitoring of our Information Security Management System (ISMS), provide continuous improvement in existing business processes and activities through provision of advice and guidance to business functions.

Role Requirements:

  • Define and ensure security best practices and standards are embedded and followed and support the business in identifying new and emerging compliance, and regulatory requirements
  • Plan, develop and maintain the current Information Security Management System (ISMS)
  • Support the continuing development and improvement of the businesses Policies and standards
  • Work with external auditors and internal teams during assessments to maintain accreditations such as ISO27001 and Cyber Essentials.
  • Contribute to the dissemination of security documentation and practices
  • Support the sales teams in responding to security assurance requests, and security related aspects of RFPs and other formal tender responses.
  • Working with the IT team, maintain and improve incident response and disaster recovery plans
  • Support in the management of risk assessments and threat/vulnerability mitigations
  • Collaborate with IT and others to collect, analyse and report metrics and analysis to monitor security controls’ efficiency and effectiveness
  • Take part in discussions with stakeholders and managers about cybersecurity issues, recommendations, and plans, as well as any audit support
  • Work alongside the IT team to provide operational security control support and monitoring.
  • Provide reports about security controls, compliance and incidents
  • Ensure consistent compliance through an ongoing internal audit program
  • Monitor ongoing security awareness and training activity

Skills and Experience:

  • Minimum 3 years of security-related work experience
  • Demonstrable experience and knowledge of cybersecurity, risk management and security controls
  • Experience in developing and / or maintaining an information security management system (ISMS)
  • Suitable SecOps experience operating point security solutions, patch management, anti-malware etc.
  • Experience of security relating to cloud and SaaS environments, and familiarity with Azure and AWS environments.
  • ISO27001 Lead Implementer

Desirable:

  • Formal information security certifications or qualifications (e.g. BSc or MSc in Information Security, CISSP, CISM, CRISC)
  • Knowledge of the following frameworks, accreditations and regulations – TISAX, HIPAA, SOX, UNECE R155, NIST CSF, CSA CCM, ISO 17025, GDPR

Current benefits include:

  • Competitive salary based on experience
  • 25 days holiday + 8 bank holidays
  • Private Medical Insurance and Healthcare Benefit on completion of probation
  • Group personal pension
  • Financing available for training and conference attendance
  • EV lease salary sacrifice scheme on completion of probation
  • An environment where you can flourish, learn, and grow, as a person not just as an employee

Back To Roles▲

Client Support Executive

Overview:

The role of Client Support is to give PTP’s clients exceptional service, and provide administrative support to the allocated Account Manager(s) during the sales and delivery process. It also involves identifying (proactively and reactively) opportunities for additional business and referrals to be driven by the Account Manager(s).

Success is measured on a range of things that may include customer service matrix and other deliverables, and rewarded by way of salary and KPI related bonuses.

This role involves order processing and pre-delivery administration as well as pre-sales support for the allocated Account Manager(s). It can be a gateway to a Trainee Sales position (External Account Executive) or an internal Management role.

Role and responsibilities:

Reporting to the Client Support Manager whilst working closely with your designated Account Manager(s) you will be responsible for pre and post sales support. This includes end-to-end correlation and processing of documentation to ensure the successful delivery of client projects. It includes:

  • Processing of client’s sales orders and liaising with clients to ensure we have all necessary documentation including: New Client Forms, Purchase Orders, Contracts, Authorisation Forms and Project related contact details etc
  • Dealing effectively and promptly with sales orders, leads and general enquiries from clients, Sales Team and others.
  • Clear and effective communication with client’s, Sales and Technical Teams and other business colleagues by all methods.
  • Ensuring Sales Force and other internal business systems are kept up to date
  • Collecting accurate scoping information and related documentation
  • Assisting with the creation of Sales Proposals/Statement of Works
  • Raising scheduling cases to the Scheduling Team with clear precise information for efficient booking of client’s projects with the technical consultants.
  • Assisting with the project management of larger testing projects.
  • Supporting with ‘post-sales’ deliverables including arranging post-test calls and meetings etc
  • Provide Finance with all invoicing information to raise invoices for completed projects
  • Efficiently handle and record client’s hardware for testing
  • Supporting other parts of the business with timely information
  • Actively participate in steering groups, internal projects and attend events
  • Continuously identify opportunities for process improvements and provide feedback to enhance the efficiency and effectiveness of the Client Support team and their work

You will be liaising regularly with members of PTPs sales, scheduling team, scoping, technical delivery, professional services/consultancy, and finance teams as part of this interesting and diverse role.

Measurables & KPI’s:

The compensation plan for this role will be made up of a salary, bonuses and KPI’s based on pre-defined monthly, quarterly and/or annual objectives aligned to both individual accounts and team related targets.

Qualities/Experience

  • Knowledge or experience of the cyber security industry is an advantage
  • Strong customer service experience and a commitment to delivering exceptional client engagements. Experience within a similar Sales Support/Account Management role
  • Excellent communication and interpersonal skills, with the ability to build rapport and collaborate with clients, colleagues, consultants and other areas of the business.
  • Good listening skills
  • Strong organisational skills with attention for detail together with the ability to multitask effectively
  • Ability to work under pressure and meet deadlines while maintaining a high level of accuracy and professionalism
  • Adaptable, with experience of working in a challenging, varied and demanding environment.
  • Problem analysis and problem-solving mindset
  • Computer literate with knowledge of MS Office, CRM’s and general internet applications
  • Being a Team Player

Back To Roles▲

Senior Digital Forensic and Incident Response Analyst

Overview:

We are seeking a skilled Digital Forensic and Incident Response Analyst with a robust background in system administration and networking with a security focus. The ideal candidate will possess expertise in investigating cyber incidents, mitigating threats, and implementing proactive measures. Proficiency in handling DDoS attacks, coupled with a keen understanding of threat intelligence, is essential.

Responsibilities:

  • Conduct digital forensics investigations to analyse and respond to cyber incidents.
  • Collaborate with client cross-functional teams to identify and mitigate security threats promptly.
  • Utilise knowledge of system administration and networking to lead mitigation and containment strategies during an active incident.
  • Lead Investigations and response to incidents related to DDoS attacks, good understanding of WAF and Firewall capabilities.
  • Maintain internal incident response plans, playbooks, and procedures for effective handling of security incidents.
  • Stay current with emerging threats and vulnerabilities, providing insights to enhance proactive security measures.
  • Work closely with threat intelligence sources to stay informed about the evolving cybersecurity landscape.
  • Support the development of new product offerings along with necessary documentation such as data sheets and methodologies.
  • Perform compromise assessments via agent based, forensic collectors and log queries.
  • Deliver training and paper-based assessments to clients.

Qualifications:

  • Proven experience in digital forensics and incident response.
  • Strong background in system administration and networking.
  • Familiarity with threat intelligence sources and the ability to translate intelligence into actionable responses.
  • Proficiency in using forensic tools and methodologies.
  • Certifications such as GCFA, GCIH, CISSP, Microsoft, Cisco or equivalent are preferred.
  • Excellent communication skills with the ability to convey technical information to non-technical stakeholders.
  • Strong problem-solving and analytical skills.
  • Ability to work under pressure and respond to incidents in a timely manner.

Back To Roles▲

Agencies, please read…

Any CVs received from agencies with whom we do not already have terms will be considered a gift.