10250545 - Internal Pen Tester

Posted 1 day ago by Stott and May

£420 Per day
Inside
Hybrid
London, UK

Summary: The Internal Penetration Tester role in London involves conducting advanced penetration testing across various environments, including applications, APIs, and cloud infrastructures. The position requires simulating real-world attacks to identify vulnerabilities and providing remediation guidance to enhance security. This is a 6-month contract position with a hybrid working arrangement. The role is classified as inside IR35.

Salary (Rate): £420 per day

City: London

Country: UK

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Internal Pen Tester

Location: London (Hybrid - 2/3 days in office)

Contract Length: 6 months

Rate: £420 per day - Inside IR35

The Role

We are seeking an Internal Penetration Tester to join on a 6-month contract. You will carry out advanced penetration testing across applications, APIs, internal infrastructure, networks, and cloud environments. The role involves simulating real-world attacks, identifying vulnerabilities, and providing clear remediation guidance to improve overall security posture.

Key Responsibilities

  • Conduct full-scope penetration tests of applications, APIs, networks, cloud, and internal infrastructure.
  • Perform network testing, Active Directory enumeration/abuse, and privilege escalation.
  • Identify weaknesses in authentication, authorization, input validation, and cloud/AD configurations.
  • Simulate attacker techniques to test system resilience.
  • Produce clear reports for both technical and executive audiences, including remediation advice.
  • Collaborate with development, cloud, and infrastructure teams to close vulnerabilities.

Candidate Profile

Essential Skills & Experience
  • 3-7+ years in penetration testing, red teaming, or offensive security.
  • Strong application security knowledge (OWASP Top 10, API security).
  • Hands-on experience in end-to-end pentests (internal, external, cloud, AD, web app, API).
  • Strong scripting skills (Python, Shell, Bash).
  • Comfortable with Windows, Linux, Active Directory, Azure AD/Entra ID.
  • Cloud platforms: AWS, Azure, GCP.
  • Practical knowledge of tools such as Nmap, Nessus, Metasploit, Burp Suite, SQLmap, ScoutSuite, Pacu.

Desirable
  • Excellent client communication and reporting skills.
  • Security certifications (e.g. OSCP, OSEP, GPEN, eCPPT, AWS/Azure Security).
  • Strong analytical and problem-solving skills.