For the best user experience please upgrade your browser

Careers at Pen Test Partners

We’re only as good as the people in our team, so we’re always looking for great people. Maybe that’s you?

PTP is acutely aware of the lack of diversity in our industry, and are keen to address that.

We are an equal opportunities employer, welcoming applications from people from all walks of life.

It’s very simple, if you have the skills and experience we’d love to talk with you.

Our purpose and values

We have a purpose statement and values which we strive to live by. Please take the time to read and absorb them. They’re important to us.

What you can expect from us

  • Competitive salary based on experience
  • 25 days holiday + 8 bank holidays
  • Private Medical Insurance and Healthcare Benefit on completion of probation
  • Group personal pension
  • Time and resource for research / pet projects / blogging
  • Financing available for training and conference attendance
  • EV lease salary sacrifice scheme on completion of probation
  • An environment where you can flourish, learn, and grow, as a person not just as an employee

PTP works with clients globally providing cyber security consultancy and testing services. We work in the most cutting-edge industries, including automotive, aviation, and maritime.

Roles:

All roles are UK based.

How to apply

Send your CV with a covering email to:

By submitting your CV you are confirming you have read and understood our privacy policy and authorise us to keep your CV on file for 6 months in case future job opportunities arise.

Back To Roles▲

Security Consultant

We are seeking an enthusiastic security consultant, who is eager to learn to join our team.  Working alongside some of the best hacking minds in the country, you’ll be delivering pen testing services to clients across all sectors.

You will need:

  • A minimum of 2 years experience delivering pen test services
  • To be proficient in infrastructure and web application testing, experience in API testing is desirable
  • Hold or previously held an industry recognised certification (this can be at any level from OSCP to CTL equivalent)

You will be:

  • Reporting into a managing security consultant where you will be delivering pen testing services, from presales through to delivery and debriefs
  • Assisting on scoping and QA
  • Contributing towards research projects and our internal knowledge sharing hubs

Our consultants aren’t just limited to working on web and infrastructure engagements. You’ll have the opportunity to get involved in some more of our niche areas and who knows, you might even find yourself hacking a ship one day.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to Internal workshops, training platforms including A cloud Guru, HTB, TryHackMe, and many more resources
  • Paid training & exams
  • Access to our blog bounty programme

You’ll be working from home, though some onsite travel to client sites (including international) may be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

Back To Roles▲

Hardware Security Consultant

We are seeking a hardware security consultant, who is eager to learn, to join our team.  Working alongside some of the best hacking minds in the country you’ll be delivering a mixture of hardware and pen testing services to clients across all sectors.

You will need:

  • Strong skills in web application, API and mobile testing
  • Excellent ability to learn new technologies, systems, and languages
  • A keen interest in embedded systems and hardware
  • Demonstrated hardware security skills either in professional or hobbyist sphere
  • Strong network protocol analysis using tools such as Wireshark
  • An understanding of reverse engineering, experience using tools such as IDA and Ghidra, with particular focus on ARM architecture

Desirable:

  • Ability to code in various languages, particularly C and Python
  • An understanding of cryptography and common mistakes made
  • Experience of working with a variety of SoC and microprocessors

You will be:

  • Reporting into the head of hardware delivering hardware and pen testing services, from presales through to delivery and debrief
  • Assisting on scoping and QA
  • Contributing towards research and our internal knowledge sharing hubs
  • Helping to upskill others into the hardware team

Here are some examples of the services you may provide to clients:

  • Penetration testing of a cloud-connected consumer IoT system including the device, messaging platforms, infrastructure, and mobile application
  • Producing a threat model for a complex system such as a crypto wallet, aiming to uncover inherent outstanding risks in the design and implementation
  • Reviewing custom cryptographic systems to identify common issues such as hardcoded keys, use of insecure block modes, unauthenticated encryption, and use of deprecated algorithms
  • Testing routers and other networking equipment before they are deployed across Critical National Infrastructure, to ensure that they are suitably protected from physical attack and contain no secrets that can impact the wider system
  • Working with the ICS team to perform lab-based testing of complex control systems used in Critical National Infrastructure, allowing more aggressive and invasive techniques to be used than in traditional ICS environments
  • Reverse engineering the protocol used in a legacy specialised machine tool to allow it to be serviceable long into the future
  • Attempting to bypass a custom digital rights management system to provide assurance that their product is adequately secure
  • Testing network segmentation and infrastructure on a variety of ships, including cruise ships and oil rigs

We recognise that the tasks carried out by members of the hardware team are varied and challenging and we do not expect any member of the team to know everything. We operate as a team, providing advice, guidance and mentoring to each other.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to Internal workshops, A cloud Guru, HTB, TryHackMe and many more resources
  • Paid training & exams
  • Access to our blog bounty programme

You’ll be working from home, though we may ask you into the lab to work on pieces of hardware. Some onsite travel to client sites (including international) may also be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

Back To Roles▲

Agencies, please read…

Any CVs received from agencies with whom we do not already have terms will be considered a gift.