For the best user experience please upgrade your browser

Careers at Pen Test Partners

We’re only as good as the people in our team, so we’re always looking for great people. Maybe that’s you?

PTP is acutely aware of the lack of diversity in our industry, and are keen to address that.

We are an equal opportunities employer, welcoming applications from people from all walks of life.

It’s very simple, if you have the skills and experience we’d love to talk with you.

Our purpose and values

We have a purpose statement and values which we strive to live by. Please take the time to read and absorb them. They’re important to us.

What you can expect from us

  • Competitive salary based on experience
  • 25 days holiday + 8 bank holidays
  • Private Medical Insurance and Healthcare Benefit on completion of probation
  • Group personal pension
  • Time and resource for research / pet projects / blogging
  • Financing available for training and conference attendance
  • EV lease salary sacrifice scheme on completion of probation
  • An environment where you can flourish, learn, and grow, as a person not just as an employee

PTP works with clients globally providing cyber security consultancy and testing services. We work with the most cutting-edge industries, including Automotive, Aerospace, and Maritime.

Roles:

All roles are UK based.

How to apply

Send your CV with a covering email to:

By submitting your CV you are confirming you have read and understood our privacy policy and authorise us to keep your CV on file for 6 months in case future job opportunities arise.

Back To Roles▲

Security Consultant

We are seeking an enthusiastic security consultant, who is eager to learn to join our team.  Working alongside some of the best hacking minds in the country, you’ll be delivering pen testing services to clients across all sectors.

You will need:

  • A minimum of 2 years experience delivering pen test services
  • To be proficient in infrastructure and web application testing, experience in API testing is desirable
  • Hold or previously held an industry recognised certification (this can be at any level from OSCP to CTL equivalent)

You will be:

  • Reporting into a managing security consultant where you will be delivering pen testing services, from presales through to delivery and debriefs
  • Assisting on scoping and QA
  • Contributing towards research projects and our internal knowledge sharing hubs

Our consultants aren’t just limited to working on web and infrastructure engagements. You’ll have the opportunity to get involved in some more of our niche areas and who knows, you might even find yourself hacking a ship one day.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to Internal workshops, training platforms including A cloud Guru, HTB, TryHackMe, and many more resources
  • Paid training & exams
  • Access to our blog bounty programme

You’ll be working from home, though some onsite travel to client sites (including international) may be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

Back To Roles▲

Hardware Security Consultant

We are seeking a hardware security consultant, who is eager to learn, to join our team.  Working alongside some of the best hacking minds in the country you’ll be delivering a mixture of hardware and pen testing services to clients across all sectors.

You will need:

  • Strong skills in web application, API and mobile testing
  • Excellent ability to learn new technologies, systems, and languages
  • A keen interest in embedded systems and hardware
  • Demonstrated hardware security skills either in professional or hobbyist sphere
  • Strong network protocol analysis using tools such as Wireshark
  • An understanding of reverse engineering, experience using tools such as IDA and Ghidra, with particular focus on ARM architecture

Desirable:

  • Ability to code in various languages, particularly C and Python
  • An understanding of cryptography and common mistakes made
  • Experience of working with a variety of SoC and microprocessors

You’ll be:

  • Reporting into the head of hardware delivering hardware and pen testing services, from presales through to delivery and debrief
  • Assisting on scoping and QA
  • Contributing towards research and our internal knowledge sharing hubs
  • Helping to upskill others into the hardware team

Here are some examples of the services you may provide to clients:

  • Penetration testing of a cloud-connected consumer IoT system including the device, messaging platforms, infrastructure, and mobile application
  • Producing a threat model for a complex system such as a crypto wallet, aiming to uncover inherent outstanding risks in the design and implementation
  • Reviewing custom cryptographic systems to identify common issues such as hardcoded keys, use of insecure block modes, unauthenticated encryption, and use of deprecated algorithms
  • Testing routers and other networking equipment before they are deployed across Critical National Infrastructure, to ensure that they are suitably protected from physical attack and contain no secrets that can impact the wider system
  • Working with the ICS team to perform lab-based testing of complex control systems used in Critical National Infrastructure, allowing more aggressive and invasive techniques to be used than in traditional ICS environments
  • Reverse engineering the protocol used in a legacy specialised machine tool to allow it to be serviceable long into the future
  • Attempting to bypass a custom digital rights management system to provide assurance that their product is adequately secure
  • Testing network segmentation and infrastructure on a variety of ships, including cruise ships and oil rigs

We recognise that the tasks carried out by members of the hardware team are varied and challenging and we do not expect any member of the team to know everything. We operate as a team, providing advice, guidance and mentoring to each other.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to Internal workshops, A cloud Guru, HTB, TryHackMe and many more resources
  • Paid training & exams
  • Access to our blog bounty programme

You’ll be working from home, though we may ask you into the lab to work on pieces of hardware. Some onsite travel to client sites (including international) may also be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

Back To Roles▲

Junior Security Consultant – Cyber Essentials

We are seeking an enthusiastic security consultant, who is eager to learn to join our team.  Working alongside some of the best hacking minds in the country, you’ll be delivering cyber essentials services to clients across all sectors.

You will need at least one of the following:

  • A security accreditation such as CISM or CISSP (preferred)
  • A suitable IT degree or equivalent academic experience
  • 2 or more years IT experience in a compliance, IT security advisory or an IT security role

You will be:

  • Reporting into a managing security consultant where you will be delivering direct client consultancy services and Cyber Essentials assessments and marking, from presales through to delivery and debriefs
  • Assisting on scoping and QA or Cyber Essentials jobs and delivery to clients
  • Contributing towards tool building and sharing knowledge via our internal knowledge sharing hubs

Here are some examples of the services you may provide to clients:

  • Direct online calls discussing answers and submissions for cyber essentials and providing guidance on gaps or potential failures and non-compliances
  • Presales calls to help determine how you may assist clients in such consultant engagements
  • Hand over to technical teams for Cyber Essentials Plus testing and audit

As this is a junior role, we will be working with you to develop your skills and understanding of tools such as Nessus and Nmap. We will be working to develop you into a certified Cyber Essentials Plus tester and deliver Cyber Essentials and Cyber Essentials Plus audits.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences and seminars
  • Access to Internal workshops, training platforms including A cloud Guru, HTB, TryHackMe, and many more resources
  • Paid training & exams
  • Access to our blog bounty programme

You’ll be working from home, though some onsite travel to client sites (including international) may be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

Back To Roles▲

Junior Digital Forensics & Incident Response Consultant

We are seeking a DFIR Consultant to join our team.  Working alongside some of the best hacking minds in the country you’ll be delivering Blue Team services to counterbalance the existing Red Team’s work.

PTP is a people focused organisation where knowledge development is part of our culture. We take pride in providing the highest quality work to our clients.  We believe in a strong company brand and strive to promote the individual reputations of our staff in the cyber security community.

Location:

This is a remote working role, however some travel to company offices and client sites (including international travel) may be required.

Core responsibilities:

Whilst the work will be varied the core responsibilities include:

  • Responding to cyber security incidents for both retained and new clients.
  • Managing and co-ordinating a cyber security response, liaising directly with clients to help them respond, identify, contain, and recover.
  • Conduct digital forensic analysis across corporate networks, varying operating systems, and Cloud environments.
  • Digital forensics and triage of relevant incident data, namely disk images, volatile data and memory dumps, network packets, and log data.
  • Manage and monitor clients receiving MDR or threat hunting services.
  • Review client IR capabilities, assisting them to improve through assessing IR maturity, delivering first responder training, and authoring IR plans and playbooks.
  • Deliver tabletop exercises.
  • Maintain a current view of the cyber threat and be able to advice clients on the threat landscape and the attack trends most relevant to them.
  • Liaise with clients on delivery, implementation, and sales issues.
  • Work to upsell other services and areas of the business.
  • Working to develop new tools and areas to improve the DFIR service lines, including working to develop IR capabilities in areas such as CNI, Automotive, Aeronautic, and Maritime.
  • Promote the service offerings of PTP with blog posts, and public engagements.
  • Provide 24/7 IR coverage through an on-call rota.

Key Competencies:

  • Minimum of 1 years work experience in cyber security and incident response
  • Excellent communication skills, both written and oral
  • Strong IT and Network knowledge, especially the OSI Model, TCP/IP, Common Ports, Networking protocols, Windows and Linux operating systems
  • Technical proficiency in a variety of digital forensics tools, particularly Volatility, KAPE, Velociraptor, CyberTriage, The Sleuth Kit, Autopsy, Wireshark and open-source tools
  • Strong knowledge in attack techniques and indicators of compromise

Desired Competencies:

  • Degree or MSc in cyber security, Digital Forensics, or another related field
  • Basic penetration testing and vulnerability scanning
  • Malware reverse engineering
  • Programming / Scripting, Python, Bash, PowerShell, Yara
  • General information security certifications, GCFA, CISM, CISA, CySA+
  • CREST Certifications, CRIA, CPIA
  • Knowledge of MITRE Att&ck Framework
  • Experience of ISO27001, PCI, CAF, NIST, CREST

Benefits:

  • Competitive salary based on experience
  • 25 days holiday + 8 bank holidays
  • Private Medical Insurance and Healthcare Benefit on completion of probation
  • Group personal pension
  • Time and resource for research / pet projects / blogging
  • Financing available for training and conference attendance
  • EV lease salary sacrifice scheme on completion of probation
  • An environment where you can flourish, learn, and grow, as a person not just as an employee

Back To Roles▲

Senior Digital Forensics & Incident Response Consultant

PTP is a respected provider of cyber security consultancy and testing. We have a reputation for delivering work in some of the most cutting-edge industries, including Critical National Infrastructure, Automotive, Aeronautic, and Maritime, along with a range of global brands.

We are seeking an experienced DFIR Consultant to join our team.  Working alongside some of the best hacking minds in the country you’ll be delivering Blue Team services to counterbalance the existing Red Team’s work.

PTP is a people focused organisation where knowledge development is part of our culture. We take pride in providing the highest quality work to our clients.  We believe in a strong company brand and strive to promote the individual reputations of our staff in the cyber security community.

Location:

This is a remote working role, however some travel to company offices and client sites (including international travel) may be required.

Core responsibilities:

Whilst the work will be varied the core responsibilities include:

  • Responding to cyber security incidents for both retained and new clients.
  • Managing and co-ordinating a cyber security response, liaising directly with clients to help them respond, identify, contain, and recover.
  • Conduct digital forensic analysis across corporate networks, varying operating systems, and Cloud environments.
  • Digital forensics and triage of relevant incident data, namely disk images, volatile data and memory dumps, network packets, and log data.
  • Manage and monitor clients receiving MDR or threat hunting services.
  • Review client IR capabilities, assisting them to improve through assessing IR maturity, delivering first responder training, and authoring IR plans and playbooks.
  • Deliver tabletop exercises.
  • Maintain a current view of the cyber threat and be able to advice clients on the threat landscape and the attack trends most relevant to them.
  • Act as a leader and support for junior staff during client engagements.
  • Assist with project management of engagements, including scoping, sales, billing, and delivery.
  • Liaise with clients on delivery, implementation, and sales issues.
  • Work to upsell other services and areas of the business.
  • Working to develop new tools and areas to improve the DFIR service lines, including working to develop IR capabilities in areas such as CNI, Automotive, Aeronautic, and Maritime.
  • Promote the service offerings of PTP with blog posts, and public engagements.
  • Provide 24/7 IR coverage through an on-call rota.

Key Competencies:

  • Minimum of 3 years work experience in cyber security and incident response
  • Excellent communication skills, both written and oral
  • Strong IT and Network knowledge, especially the OSI Model, TCP/IP, Common Ports, Networking protocols, Windows and Linux operating systems
  • Advanced proficiency in a variety of digital forensics tools, particularly Volatility, KAPE, Velociraptor, CyberTriage, The Sleuth Kit, Autopsy, Wireshark and open-source tools
  • Strong knowledge in attack techniques and indicators of compromise
  • Experience in delivering tabletop exercises and client facing presentations
  • Experience auditing incident response capabilities and information security controls

Desired Competencies:

  • Degree or MSc in cyber security, Digital Forensics, or another related field
  • Basic penetration testing and vulnerability scanning
  • Malware reverse engineering
  • Programming / Scripting, Python, Bash, PowerShell, Yara
  • Public speaking
  • Proficiency with Burp or ZAP
  • General information security certifications, GCFA, CISM, CISA, CISSP, CySA+
  • CREST Certifications, CRIA, CPIA, CCNIA, CCHIA, CCMRE, CCIM
  • Knowledge of MITRE Att&ck Framework
  • Experience of ISO27001, PCI, CAF, NIST, CREST
  • Previous experience providing DFIR in a consultancy environment

Back To Roles▲

Agencies, please read…

Any CVs received from agencies with whom we do not already have terms will be considered a gift.