Location: The duties of this position will be performed mainly at the Risk Crew office, in London SE1 with occasional travelling to customer UK locations. | Employment Type: Permanent, Full Time |

Why should you come and join the team at Risk Crew?

As a Penetration Tester on Risk Crew, you’ll be part of an elite team of security experts who are dedicated to identifying and mitigating security vulnerabilities in web applications, infrastructure, cloud, API, wireless, and mobile applications.

You will act as a trusted advisor, conducting comprehensive security assessments of our clients’ most critical assets. Apart from security testing, you will support the team to ensure on-time, on-budget delivery of their assigned tasks, quality of their deliverables and overall customer satisfaction. This role will require mid-level expertise in multiple domains of security testing, and we expect you to be versatile yet methodical in your testing approach.

What we offer to you:

  • Competitive salary.
  • Opportunities for professional growth and development.
  • Collaborative, dynamic and positively charged work environment.
  • Remote work options.
  • Access to cutting-edge security tools and technologies.
  • Recognition and rewards for outstanding performance.

Your responsibilities

  • Performing web application, infrastructure, cloud, API, wireless and mobile application penetration tests on a regular basis.
  • Contributing to Red Team and social engineering testing.
  • Report writing and client-facing presentation of test findings.
  • Consulting clients on required remedial actions.
  • Assisting with the development of junior members of the team.
  • Helping with collateral marketing materials: topical research, white papers and articles.
  • Staying up to date with the latest security trends, technologies, and threats.
  • Contributing to the evolution of the in-house penetration testing methodology and processes.

Your mandatory skills:

  • Ability to perform black box, grey box and white box tests with an attacker’s mindset.
  • Expertise in using Kali, Burp Suite, Nmap, Nessus, Qualys, Metasploit and other security tools.
  • Strong knowledge of the OWASP Testing Methodology.
  • Strong understanding of security protocols, such as SSL/TLS, SSH, and HTTP.
  • Knowledge of cloud security platforms, such as AWS, Azure, and Google Cloud.
  • Knowledge of networking protocols and the OSI Model.

Your mandatory soft skills and qualities:

  • Team player with ability to communicate effectively, collaborate and share knowledge with colleagues.
  • Goal-oriented with ability to work independently and as part of a team.
  • Able to work on multiple projects simultaneously with ability to prioritise tasks, manage time, and staying organised.
  • Strong analytical and problem-solving skills.
  • Strong work ethic, attention to detail and documentation skills with ability to provide written deliverables to a high standard.
  • Ability to translate technical details into language understandable by C-level executives.

Your complementary technical skills:

  • Hands-on with programming languages, databases and IoT.
  • Knowledge of containerisation technologies, such as Docker.
  • Experience with Attack & Threat Modelling.
  • Red Team testing and social engineering attack methodologies.
  • Working knowledge of CobaltStrike.
  • Experience with bug bounty programs and vulnerability disclosure policies.

Your education, training and experience:

  • Bachelor in Cybersecurity/Computer Science is preferred.
  • A minimum of 3-5 years of hands-on testing experience and, ideally, two or more of the following professional qualifications:
    • CREST CRT
    • OSCP
    • OSCE
    • CCT or equivalent
    • Red Team Test Leader

If this sounds like you, then we’d love to meet you.

To apply, you’ll need to send your CV to opportunities@riskcrew.com

TIP: Before you apply, check out the ‘About the Crew’ section of our website to learn more about the Crew and our values.