For the best user experience please upgrade your browser

Careers at Pen Test Partners

We’re only as good as the people in our team, so we’re always looking for great people. Maybe that’s you?

PTP is acutely aware of the lack of diversity in our industry, and are keen to address that.

We are an equal opportunities employer, welcoming applications from people from all walks of life.

It’s very simple, if you have the skills and experience we’d love to talk with you.

Our purpose and values

We have a purpose statement and values which we strive to live by. Please take the time to read and absorb them. They’re important to us.

What you can expect from us

  • Competitive salary based on experience
  • 25 days holiday + 8 bank holidays
  • Private Medical Insurance and Healthcare Benefit on completion of probation
  • Group personal pension
  • Time and resource for research / pet projects / blogging
  • Financing available for training and conference attendance
  • EV lease salary sacrifice scheme on completion of probation
  • An environment where you can flourish, learn, and grow, as a person not just as an employee

PTP works with clients globally providing cyber security consultancy and testing services. We work with the most cutting-edge industries, including Automotive, Aerospace, and Maritime.

Roles:

All roles are UK based.

How to apply

Send your CV with a covering email to:

By submitting your CV you are confirming you have read and understood our privacy policy and authorise us to keep your CV on file for 6 months in case future job opportunities arise.

Back To Roles▲

Security Consultant

We are seeking an enthusiastic security consultant, who is eager to learn to join our team.  Working alongside some of the best hacking minds in the country, you’ll be delivering pen testing services to clients across all sectors.

You will need:

  • A minimum of 2 years experience delivering pen test services
  • To be proficient in infrastructure and web application testing, experience in API testing is desirable
  • Hold or previously held an industry recognised certification (this can be at any level from OSCP to CTL equivalent)

You will be:

  • Reporting into a managing security consultant where you will be delivering pen testing services, from presales through to delivery and debriefs
  • Assisting on scoping and QA
  • Contributing towards research projects and our internal knowledge sharing hubs

Our consultants aren’t just limited to working on web and infrastructure engagements. You’ll have the opportunity to get involved in some more of our niche areas and who knows, you might even find yourself hacking a ship one day.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to Internal workshops, training platforms including A cloud Guru, HTB, TryHackMe, and many more resources
  • Paid training & exams
  • Access to our blog bounty programme

You’ll be working from home, though some onsite travel to client sites (including international) may be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

Back To Roles▲

Governance, Risk and Compliance Consultant

Role:
The primary objectives of the Consultant are to deliver and enhance various security services provided to Pen Test Partners clients.

Key Responsibilities:
As part of this role, the Consultant will be able to manage and deliver a variety of security engagements. Tasks include but are not limited to:

  • Support the service line and sales process through customer pre-sales support and bid input such as RFP submissions.
  • Liaising with clients during introductory calls and defining scope of engagements.
  • Gap analysis and maturity reviews of current security status various standards.
  • Delivery of Cyber Essentials (CE) / CE Plus services with clients at all stages from pre-sales and scoping through to consultancy service delivery and support services.
  • Contributing to the continual development and improvement of knowledge sharing hubs across CE and Consultancy areas. This may include supporting other members of the consultancy teams as they upskill in these areas.
  • Providing specific services such as Attack Surface Assessment (ASAs) to support wider cross team engagements within the business.
  • Working with the team to continuously develop and improve the consultancy service catalogue.

Skills/Knowledge:
Core Skills

  • Onsite / Remote consultancy for standards such as PCI DSS / ISO27001 / GDPR / Cyber Essentials / General Cyber Security best practice.
  • Delivery of pre-implementation support such as architecture reviews and remediation work to support client improvement programs.
  • Creation of processes / documentation / Marketing Collateral.
  • Technical QA function as required for other consultants.
  • Marketing activities including public engagement speaking and attending events and trade shows.
  • Good overall IT experience such as:
  • Working with on-premises, co-location IT deployments.
  • Exposure to security devices and services such as Firewall, IDS, Anti-Malware, Monitoring systems, Helpdesk & Change Management, patch management, network, and wireless management.

Desirable Skills

  • Exposure to cloud services at a basic admin or review level, such as:
  • Microsoft Azure
  • Microsoft Office 365
  • AWS
  • Google Cloud Platform
  • Familiarity with DevOps / SecOps working practices.
  • Familiarity with CI/CD Development and automation.
  • Working with cloud security standards such as NCSC guidance, Cloud Security Alliance, CIS best practice.
  • At least 2 years working as a full time IT security consultant or similar role.

(Opportunities will be provided to shadow other team members to develop skills in new areas as the role develops).

Requirements:

  • Strong interpersonal and communication skills.
  • Self-motivated and able to work with minimal supervision whilst maintaining team ethics.
  • Client oriented, able to communicate with all levels of an organisation with appropriate technical content.
  • Excellent technical presentation and reporting skills, both written and verbal.
  • Ability to communicate detailed technical information to a non-technical audience.
  • Ability to work with other team members, to share experience and develop their skills.
  • Able of working to strict deadlines and prioritising.
  • Willingness to travel.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year.
  • Time to go to conferences and seminars.
  • Access to internal workshops and training platforms such as ‘A Cloud Guru’.
  • Paid training & exams.
  • Access to our blog bounty programme.

You’ll be working from home, though some onsite travel to client sites (including international) may be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

As an employee you’ll also have access to:

  • 25 days holiday + 8 bank holidays.
  • Private Medical Insurance and Healthcare Benefit.
  • Group personal pension.
  • EV car scheme.
  • Financing for training and conference attendance.
  • An environment where you can flourish, learn, and grow, as a person not just as an employee.

This is a UK role, so you must live and be eligible to work in the UK.

Back To Roles▲

Hardware Security Consultant

We are seeking a hardware security consultant, who is eager to learn, to join our team.  Working alongside some of the best hacking minds in the country you’ll be delivering a mixture of hardware and pen testing services to clients across all sectors.

You will need:

  • Strong skills in web application, API and mobile testing
  • Excellent ability to learn new technologies, systems, and languages
  • A keen interest in embedded systems and hardware
  • Demonstrated hardware security skills either in professional or hobbyist sphere
  • Strong network protocol analysis using tools such as Wireshark
  • An understanding of reverse engineering, experience using tools such as IDA and Ghidra, with particular focus on ARM architecture

Desirable:

  • Ability to code in various languages, particularly C and Python
  • An understanding of cryptography and common mistakes made
  • Experience of working with a variety of SoC and microprocessors

You will be:

  • Reporting into the head of hardware delivering hardware and pen testing services, from presales through to delivery and debrief
  • Assisting on scoping and QA
  • Contributing towards research and our internal knowledge sharing hubs
  • Helping to upskill others into the hardware team

Here are some examples of the services you may provide to clients:

  • Penetration testing of a cloud-connected consumer IoT system including the device, messaging platforms, infrastructure, and mobile application
  • Producing a threat model for a complex system such as a crypto wallet, aiming to uncover inherent outstanding risks in the design and implementation
  • Reviewing custom cryptographic systems to identify common issues such as hardcoded keys, use of insecure block modes, unauthenticated encryption, and use of deprecated algorithms
  • Testing routers and other networking equipment before they are deployed across Critical National Infrastructure, to ensure that they are suitably protected from physical attack and contain no secrets that can impact the wider system
  • Working with the ICS team to perform lab-based testing of complex control systems used in Critical National Infrastructure, allowing more aggressive and invasive techniques to be used than in traditional ICS environments
  • Reverse engineering the protocol used in a legacy specialised machine tool to allow it to be serviceable long into the future
  • Attempting to bypass a custom digital rights management system to provide assurance that their product is adequately secure
  • Testing network segmentation and infrastructure on a variety of ships, including cruise ships and oil rigs

We recognise that the tasks carried out by members of the hardware team are varied and challenging and we do not expect any member of the team to know everything. We operate as a team, providing advice, guidance and mentoring to each other.

Knowledge development is part of our culture. We take professional development seriously and as member of the team you will receive:

  • 24 development days per year
  • Time to go to conferences
  • Access to Internal workshops, A cloud Guru, HTB, TryHackMe and many more resources
  • Paid training & exams
  • Access to our blog bounty programme

You’ll be working from home, though we may ask you into the lab to work on pieces of hardware. Some onsite travel to client sites (including international) may also be required. Although we are a remote working company, we pay for our teams to meet regularly throughout the year holding local and company meet ups.

Back To Roles▲

Agencies, please read…

Any CVs received from agencies with whom we do not already have terms will be considered a gift.