Careers at Pen Test Partners

We’re only as good as the people in our team, so we’re always looking for great people. Maybe that’s you?

We at PTP are acutely aware of the lack of diversity in our industry, and are keen to address that.

We are an equal opportunities employer, welcoming applications from people from all walks of life.

It’s very simple: if you have the skills and experience, we’d love to talk with you.

What you can expect from us

  • 25 days holiday + 8 bank holidays
  • Private Medical Insurance and Healthcare Benefit on completion of probation
  • Group personal pension
  • Time and resource for research / pet projects / blogging
  • An environment where you can flourish, learn, and grow, as a person not just as an employee

Roles:

All roles are UK based.

How to apply

Send your CV with a covering email to:

By submitting your CV you are confirming you have read and understood our privacy policy and authorise us to keep your CV on file for 6 months in case future job opportunities arise.

Mid Level Pen Testing Consultant

  • A minimum of 2 years of delivering high quality pen testing services
  • Infrastructure, web application as a minimum
  • Manage and deliver complex engagements
  • CTM equivalent qualification (CRT/CSTM etc) as a minimum

Key Responsibilities:

  • Performing a wide range of penetration testing, of different service types on a variety of common and bespoke platforms
  • Help mould and evolve current test service offerings
  • Knowledge sharing within the technical team
  • Using your experience to train current and future junior members
  • Gain further accreditations or stay up to date with current ones depending on the business needs

Desirable:

  • Speciality testing in areas such as mobile testing / Kubernetes / code review
  • Proficient in at least one cloud platform (AWS / Azure / GCP)
  • Interest to perform research in the cyber security field

We may ask you to attempt some CTF style exercises as part of the application process.

Senior Level Pen Testing Consultant

  • A minimum of 5 years of delivering high quality pen testing services
  • Infrastructure, web application and API testing as a minimum
  • Proficient in at least one cloud platform (AWS / Azure / GCP)
  • Manage and deliver complex engagements
  • CTL equivalent qualification (or close to being exam ready)
  • Experience helping with QA and scoping process

Key Responsibilities:

  • Performing a wide range of penetration testing, of different service types on a variety of common and bespoke platforms
  • Help mould and evolve current test service offerings
  • Knowledge sharing within the technical team
  • Using your experience to train current and future junior members
  • Gain further accreditations or stay up to date with current ones depending on the business needs

Desirable:

  • Speciality testing in areas such as mobile testing / Kubernetes / code review
  • Proficient in at least one cloud platform (AWS / Azure / GCP)
  • Interest to perform research in the cyber security field

We may ask you to attempt some CTF style exercises as part of the application process.

Red Team Support

Role overview:

The Pen Test Partners (PTP) Red Team are looking for someone to join them in a support capacity. This role requires a mix of technical and client-facing skills and will involve:

  • Assisting with daily internal Red Team enquiries
  • Writing up proposals / Statements of Work based on scoping calls
  • Assisting with scheduling jobs
  • Joining scoping calls with clients, to:
    • Understand client needs
    • Go through the Red Team scoping questionnaire and record responses
    • Record sufficient notes to write a proposal / Statement of Work

Role requirements

Essential

  • Sales experience
  • Technically minded
  • Ability to learn quickly
  • Client Facing skills
  • Strong Team Player
  • Excellent document preparation and editing skills
  • Motivated to learn independently

Desirable

Knowledge of the following topics, their purpose, plus why and how they are used:

  • Red Teaming
  • Purple Teaming
  • OSINT
  • Phishing
  • Threat Actors and Threat Simulation
  • Blue Teaming and SOC

It would also be advantageous to have background knowledge of and / or experience with:

  • VPN, Cloud, Firewalls, IDS, EDR, Encryption
  • Assessment Frameworks (*BEST, TIBER, *CASE, STAR)
  • Testing Tools
  • Various Operating Systems

Digital Forensic & Incident Response (DFIR) Consultant

A great opportunity for the right candidate(s)

Must haves:

A minimum of 1-2 years’ experience in the delivery of commercial DFIR investigations.

A thorough understanding of forensic technologies and experience conducting forensic acquisition using hardware and software solutions (such as Tableau write blockers, FTK Imager, EnCase and forensic boot distros).

Experience conducting triage of forensically collected data, taking contemporaneous notes in a digital forensic environment. The ideal candidate will be comfortable acquiring and processing incoming case evidence for digital forensic and incident response jobs in preparation for full analysis.

Knowledge of Incident Response methodologies from initial engagement through deployment to eradication and recovery.

Understanding of cloud-based environments and knowledge of how to extract evidential data (including logs etc.) from storage environments such as AWS, Azure and M365.

A basic understanding of networking technologies including (but not limited to) TCP/IP, common protocols (HTTP, FTP, SSH etc.), common ports, VPN and remote access technologies.

Comfortable in reviewing and enhancing clients’ documented processes to assist in resolving incidents effectively.

Running tabletop exercises with clients to expand their knowledge of reacting to an incident.

Nice to haves: (Training in these areas will be provided as part of an ongoing development program of the candidate).

Experience in conducting root cause analysis (RCA) or full DFIR investigation of Windows, Apple and Linux operating systems.

Memory forensics and conducting malware analysis using tools such as Volatility. Advanced understanding of x86 and x64 machine code and code execution in Windows and Linux environments.

An understanding of network technologies and DFIR response methodologies used to assess and protect them. This includes understanding of specific platform technologies such as SAN infrastructure or 802.11 networks and how the DFIR processes apply.

Additional areas of Interest:

Any specialist forensic knowledge such as mobile investigations, embedded systems, malware analysis etc is of additional interest.

Software Packages:

Not all software listed below is required (and this list is not exhaustive), however the ideal candidate will have some working knowledge of these applications and can demonstrate proficiency in their use whilst conducting DFIR engagements.

  • EnCase
  • FTK (& FTK Imager)
  • CAINE (or other forensic boot distro)
  • Volatility
  • Velociraptor
  • Infocyte
  • IOC identification tools (such as Loki, Thor, FastIR etc.)
  • LiveView
  • Autopsy
  • SleuthKit

Additionally, any knowledge of command scripting with respect to DFIR in the following languages is an advantage:

  • PowerShell
  • VBScript
  • Bash
  • JavaScript
  • AutoIt

GRC Cyber Security Consultant (Trainee)

Due to our success, we are expanding our Governance, Risk and Compliance Consulting team, so we are looking for a self-motivated, ambitious trainee Junior Governance, Risk and Compliance Consultant to join the team. This is a permanent position, offering advancement dependent on progress and performance.

This is an exciting opportunity to gain valuable experience in a leading cyber security company. Whilst this will be a challenging position, you will be working in a learning environment with the support and experience of skilled professionals and the autonomy to manage your own projects.

The successful candidate will be home based with the requirement of some office and client site visits dependent on client / job requirement.

About You

You will need:

  • a Cyber Security Degree or similar qualification (however might accept a good level of prior knowledge)
  • experience with research and analytical skills
  • basic knowledge of GRC concepts and Cyber security, some experience would be an advantage
  • excellent communication and analytical skills
  • a proven ability to work with people of all levels both technical and non-technical
  • attention to detail with the confidence to seek knowledge and ask questions
  • enthusiasm and willingness to learn and develop skills to a higher level

Main Responsibilities

The role carries a variety of responsibilities that include, but are not limited to:

  • Project support across a diverse client base
  • Auditing and regulatory support (e.g. ISO 27001, PCI DSS, CE+, GDPR)
  • Support regarding industry frameworks (e.g. NIST, CAA)
  • Assisting in the development of documentation and review of internal processes
  • Supporting with due diligence
  • Client Liaison and relationship building
  • Relationship / stakeholder management
  • Collating, analysing, and producing reports

Agencies, please read…

Any CVs received from agencies with whom we do not already have terms will be considered a gift.