For the best user experience please upgrade your browser

Careers at Pen Test Partners

We’re only as good as the people in our team, so we’re always looking for great people. Maybe that’s you?

PTP is acutely aware of the lack of diversity in our industry, and are keen to address that.

We are an equal opportunities employer, welcoming applications from people from all walks of life.

It’s very simple, if you have the skills and experience we’d love to talk with you.

Our vision and values

We have a vision statement and values which we strive to live by. Please take the time to read and absorb them. They’re important to us.

What you can expect from us

  • Competitive salary based on experience
  • 25 days holiday + 8 bank holidays
  • Private Medical Insurance and Healthcare Benefit on completion of probation
  • Group personal pension
  • Time and resource for research / pet projects / blogging
  • Financing available for training and conference attendance
  • EV lease salary sacrifice scheme on completion of probation
  • An environment where you can flourish, learn, and grow, as a person not just as an employee

PTP works with clients globally providing cyber security consultancy and testing services. We work in the most cutting-edge industries, including automotive, aviation, and maritime.

Roles:

All roles are UK based.

How to apply

Send your CV with a covering email to:

By submitting your CV you are confirming you have read and understood our privacy policy and authorise us to keep your CV on file for 6 months in case future job opportunities arise.

Back To Roles▲

Security Consultant – Testing

We are seeking an enthusiastic security consultant, who is eager to learn to join our team.  Working alongside some of the best hacking minds in the country, you’ll be delivering pen testing services to clients across all sectors.

You will need:

  • A minimum of 2 years experience delivering pen test services
  • To be proficient in infrastructure and web application testing, experience in API testing is desirable
  • Hold or previously held an industry recognised certification (this can be at any level from OSCP to CTL equivalent)

You will be:

  • Reporting into a managing security consultant where you will be delivering pen testing services, from presales through to delivery and debriefs
  • Assisting on scoping and QA
  • Contributing towards research projects and our internal knowledge sharing hubs

Our consultants aren’t just limited to working on web and infrastructure engagements. You’ll have the opportunity to get involved in some more of our niche areas and who knows, you might even find yourself hacking a ship one day.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to Internal workshops, training platforms including A cloud Guru, HTB, TryHackMe, and many more resources
  • Paid training & exams
  • Access to our blog bounty programme

You’ll be working from home, though some onsite travel to client sites (including international) may be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

Back To Roles▲

Hardware Security Consultant

We are seeking a hardware security consultant, who is eager to learn, to join our team.  Working alongside some of the best hacking minds in the country you’ll be delivering a mixture of hardware and pen testing services to clients across all sectors.

You will need:

  • Strong skills in web application, API and mobile testing
  • Excellent ability to learn new technologies, systems, and languages
  • A keen interest in embedded systems and hardware
  • Demonstrated hardware security skills either in professional or hobbyist sphere
  • Strong network protocol analysis using tools such as Wireshark
  • An understanding of reverse engineering, experience using tools such as IDA and Ghidra, with particular focus on ARM architecture

Desirable:

  • Ability to code in various languages, particularly C and Python
  • An understanding of cryptography and common mistakes made
  • Experience of working with a variety of SoC and microprocessors

You will be:

  • Reporting into the head of hardware delivering hardware and pen testing services, from presales through to delivery and debrief
  • Assisting on scoping and QA
  • Contributing towards research and our internal knowledge sharing hubs
  • Helping to upskill others into the hardware team

Here are some examples of the services you may provide to clients:

  • Penetration testing of a cloud-connected consumer IoT system including the device, messaging platforms, infrastructure, and mobile application
  • Producing a threat model for a complex system such as a crypto wallet, aiming to uncover inherent outstanding risks in the design and implementation
  • Reviewing custom cryptographic systems to identify common issues such as hardcoded keys, use of insecure block modes, unauthenticated encryption, and use of deprecated algorithms
  • Testing routers and other networking equipment before they are deployed across Critical National Infrastructure, to ensure that they are suitably protected from physical attack and contain no secrets that can impact the wider system
  • Working with the ICS team to perform lab-based testing of complex control systems used in Critical National Infrastructure, allowing more aggressive and invasive techniques to be used than in traditional ICS environments
  • Reverse engineering the protocol used in a legacy specialised machine tool to allow it to be serviceable long into the future
  • Attempting to bypass a custom digital rights management system to provide assurance that their product is adequately secure
  • Testing network segmentation and infrastructure on a variety of ships, including cruise ships and oil rigs

We recognise that the tasks carried out by members of the hardware team are varied and challenging and we do not expect any member of the team to know everything. We operate as a team, providing advice, guidance and mentoring to each other.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to Internal workshops, A cloud Guru, HTB, TryHackMe and many more resources
  • Paid training & exams

Back To Roles▲

Red Team Security Consultant

We are looking for an experienced consultant to join our Red Team, where you will be delivering Red and Purple Team services to clients across all sectors. You will be part of an experienced, close-knit Red Team, providing mutual advice, guidance, and mentoring.

Pen Test Partners is an innovative and dynamic thinking organisation committed to providing a supportive environment, where our people can not only thrive but actively participate in shaping PTP’s culture and direction.

With over 140 employees across pen testing, consultancy, digital forensics, sales and support functions, we pride ourselves in attracting the right people and providing them with the environment to develop and perform at their best. Going the extra mile to work on cool research, publish and promote expert cyber security knowledge and deliver outstanding work for our customers, all in support of our industry.

You will be:

  • Reporting to the head of Red Team.
  • Delivering Red and Purple Team services, from pre-sales through to delivery and debrief.
  • Assisting with scoping and QA.
  • Contributing to research and internal knowledge sharing.
  • Upskilling team members.
  • Maintaining offensive attack knowledge to emulate advanced Tactics, Techniques, and Procedures (TTPs).
  • Keeping up-to-date with Blue Team and defensive tactics and concepts.

You will need:

  • Strong skills in leading and performing Red and Purple Team engagements.
  • Ability to emulate advanced threat actors and operate covertly in mature environments.
  • Experience across a broad range of sectors and technologies, including offensive cloud testing.
  • Proficient in written and spoken English, with strong presentation and debriefing skills.
  • Experience with different C2 frameworks and bypassing modern Endpoint Detection & Response (EDR).
  • Strong programming/scripting skills for developing custom scripts or tools.
  • Experience across all stages of the Cyber Kill Chain, including initial foothold replication.
  • Knowledge of multiple Operating Systems, including Windows, *nix, and macOS, and ability to build and operate payloads for these systems.

Desirable:

  • Experience with frameworks such as CBEST, GBEST, GCASE, STAR, STAR-FS, TIBER.
  • CREST Certified Simulated Attack Specialist (CCSAS)

Knowledge and development are part of our culture, and we give everyone the opportunity to upskill and get involved in some more of our niche areas of testing. As a member of our team, you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to internal workshops and knowledge sharing hubs
  • Access to external training platforms
  • Paid training & exams
  • Access to our blog bounty programme
  • Opportunity to contribute towards research projects

You’ll be working from home, though some onsite travel to client sites (including international) may be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

Candidates must hold the right to work in the UK.

Competitive salary dependant on experience.

Back To Roles▲

Agencies, please read…

Any CVs received from agencies with whom we do not already have terms will be considered a gift.