Location: The duties of this position will be performed mainly at the Risk Crew office, in London SE1, with occasional travel to customer UK locations.

Employment Type: Permanent, Full Time

Reports to: Delivery Team Manager.

Why should you come and join the team at Risk Crew?

As a Penetration Tester at Risk Crew, you’ll be part of an elite team of security experts who are dedicated to identifying and mitigating security vulnerabilities in web applications, infrastructure, cloud, API, wireless, and mobile applications.

You will act as a trusted advisor, conducting comprehensive security assessments of our clients’ most critical assets. Apart from security testing, you will support the team to ensure on-time, on-budget delivery of their assigned tasks, quality of their deliverables and overall customer satisfaction. This role will require mid-level expertise in multiple domains of security testing, and we expect you to be versatile yet methodical in your testing approach.

What we offer to you:

  • Competitive salary.
  • A collaborative, dynamic and positively charged work environment.
  • Autonomy in conducting penetration testing activities.
  • Opportunities for professional growth and development.
  • Optional hybrid work after the successful completion of the probationary period.
  • Regular performance reviews.
  • Annual training and development plan.
  • Access to industry events and conferences.

Your responsibilities

  • Performing web application, infrastructure, cloud, API, wireless and mobile application penetration tests on a regular basis.
  • Contributing to Red Team and social engineering testing.
  • Report writing and client-facing presentation of test findings.
  • Providing post-test support to clients and consulting them on required remedial actions.
  • Assisting with the development of junior members of the team.
  • Staying up to date with the latest security trends, technologies, and threats.
  • Contributing to the evolution of the in-house penetration testing methodology and processes.
  • From time to time, you may help with collateral marketing materials such as research, white papers and articles.

Your mandatory skills:

  • Ability to perform black box, grey box and white box tests with an attacker’s mindset.
  • Strong knowledge of the OWASP Testing Methodology.
  • Strong understanding of security protocols, such as SSL/TLS, SSH, and HTTP.
  • Knowledge of mobile security testing, ideally both Android and iOS.
  • Expertise in using Kali, Burp Suite, Nmap, Nessus, Qualys, Metasploit and other security tools.
  • Knowledge of cloud platforms’ security testing, such as AWS, Azure, and Google Cloud.
  • Knowledge of networking protocols and the OSI Model.

Your mandatory soft skills and qualities:

  • Team player with the ability to communicate effectively, collaborate and share knowledge with colleagues.
  • Goal-oriented with the ability to work independently and as part of a team.
  • Able to work on multiple projects simultaneously with the ability to prioritise tasks, manage time, and stay organised.
  • Strong analytical and problem-solving skills.
  • Strong work ethic, attention to detail and documentation skills with the ability to provide written deliverables to a high standard.
  • Ability to translate technical details into language understandable by C-level executives.

Your (nice to have) technical skills:

  • Hands-on with programming languages, databases and IoT.
  • Knowledge of containerisation technologies, such as Docker.
  • CI/CD security.
  • Red Team testing and social engineering attack methodologies.
  • Working knowledge of CobaltStrike.
  • Hardware security, e.g. IoT and/or Industrial IoT.
  • Hands-on with AI/LLM security.
  • Experience with bug bounty programs and vulnerability disclosure policies.

Your education, training and experience:

  • A Bachelor's degree in Cybersecurity/Computer Science is preferred.
  • A minimum of 3-5 years of hands-on testing experience and, ideally, two or more of the following professional qualifications:
    • CREST CRT
    • OSCP
    • OSCE
    • CCT or equivalent

If this sounds like you, then we’d love to meet you.

To apply, you’ll need to send your CV to opportunities@riskcrew.com

TIP: Before you apply, check out the ‘About the Crew’ section of our website to learn more about the Crew and our values.