Inside IR35 Penetration Tester Contract Jobs

Filter Your Search

Filters

Search
Updating results… 37 Contract jobs sorted by:
Date Posted
Date Posted
Rate
Updating results… 37 Contract jobs

Head of Cyber Resilience and Cloud

Posted 1 day ago by Sanderson Recruitment


Role DescriptionWe are supporting a major Financial Services organisation in the search for a Head of Cyber Resilience a...

  • Rate £850 per day
  • Category Inside
  • Work type Hybrid
  • Location Reading (RG1), RG1

Senior Field Marketing Manager

Posted 1 day ago by Jobserve


What you'll be doingDevelop and execute regional marketing strategies aligned with business objectives across the EMEA r...

  • Rate Negotiable
  • Category Inside
  • Work type Hybrid
  • Location London

Manual Tester - CESA Legacy (SFIA 5)

Posted 1 day ago by TXP


OverviewWe are looking for an experienced Manual Test Analyst to support delivery within the CESA Legacy estate.This rol...

  • Rate £525 per day
  • Category Inside
  • Work type Hybrid
  • Location Telford (TF1)

Automation Tester - Data

Posted 1 day ago by Jobserve


Key ResponsibilitiesDesign and execute automated tests across data pipelinesValidate data transformations between source...

  • Rate Negotiable
  • Category Inside
  • Work type Hybrid
  • Location London

Manual Tester - CESA Legacy (SFIA 5)

Posted 1 day ago by TXP


OverviewWe are looking for an experienced Manual Test Analyst to support delivery within the CESA Legacy estate.This rol...

  • Rate £525 per day
  • Category Inside
  • Work type Hybrid
  • Location Telford, UK

Stay Updated on Contract Jobs

Never miss another opportunity with our email alerts.

Save your searches to be notified as soon as new jobs are added.

Get Job Alerts

Senior Identity Architect (IDAM)

Posted 2 days ago by Mentmore Recruitment


What you'll own:Strategy & LeadershipDeliveryGovernance & AssuranceStrategy & LeadershipSet the direction fo...

  • Rate £700 per day
  • Category Inside
  • Work type Undetermined
  • Location Oxford, Oxfordshire, UK

Platform Engineer - 6 months - Inside IR35

Posted 3 days ago by Hamilton Barnes


OverviewWe are seeking an experienced Platform Engineer to join a leading financial services programme based in London....

  • Rate Negotiable
  • Category Inside
  • Work type Hybrid
  • Location London, UK

Solution Tester

Posted 4 days ago by Pigment Consulting Ltd


Solution Tester (Data)Pigment is a change and transformation consultancy. We partner with other consultancies to deliver...

  • Rate £550 per day
  • Category Inside
  • Work type Hybrid
  • Location Wiltshire, UK

Data Security Engineer

Posted 4 days ago by Boss Professional Services


Role DescriptionFocus of the role:Experienced CyberArk Engineer with extensive expertise in designing, implementing, upg...

  • Rate Negotiable
  • Category Inside
  • Work type Hybrid
  • Location United Kingdom

IT Cloud & AI Security Engineer

Posted 4 days ago by Proactive Appointments


Cloud Security ProfessionalWe are seeking an experienced Cloud Security Professional to join the Office of the CISO. Thi...

  • Rate £500 per day
  • Category Inside
  • Work type Undetermined
  • Location London, UK

Fullstack Developer

Posted 7 days ago by Atrium Workforce Solutions UK Limited


This position is ideal for a senior Full Stack Developer and Healthcare Technology Specialist with strong Azure and .NET...

  • Rate £590 per day
  • Category Inside
  • Work type Hybrid
  • Location London, UK

Informatica Tester – SC Cleared

Posted 1 week ago by Whitehall Resources


The Informatica Tester – SC Cleared role requires a highly skilled Senior Test Engineer with expertise in ETL and Data W...

  • Rate Negotiable
  • Category Inside
  • Work type Hybrid
  • Location Hybrid-remote in England

Data Security Engineer

Posted 1 week ago by Whitehall Resources


The Data Security Engineer role at Whitehall Resources is a hybrid position based in Warwickshire, focused on designing...

  • Rate Negotiable
  • Category Inside
  • Work type Hybrid
  • Location Warwickshire

Tester (Informatica)

Posted 1 week ago by eTeam Workforce Limited


We are seeking a highly skilled Senior Test Engineer specializing in ETL and Data Warehouse testing, particularly with I...

  • Rate £537 per day
  • Category Inside
  • Work type Remote
  • Location Remote , UK

Data Security Engineer - CyberArk

Posted 1 week ago by fortice


The Data Security Engineer role focuses on the design, implementation, and support of CyberArk Privileged Access Managem...

  • Rate £430 per day
  • Category Inside
  • Work type Hybrid
  • Location Hybrid - Warwick, UK

Tester (Informatica)

Posted 1 week ago by Jobserve


The role of Tester (Informatica) involves a Senior Test Engineer responsible for validating data migration from SAS-base...

  • Rate £537 per day
  • Category Inside
  • Work type Remote
  • Location Remote

Performance Tester

Posted 1 week ago by Sanderson Government & Defence


The Performance Tester role involves primarily remote work with occasional onsite requirements in London. The position i...

  • Rate £396 per day
  • Category Inside
  • Work type Hybrid
  • Location London, UK

Cyber Security Architect

Posted 1 week ago by BAE Systems


The Cyber Security Architect role focuses on securing operational technology and critical national infrastructure within...

  • Rate £90 per hour
  • Category Inside
  • Work type Onsite
  • Location Lancashire, England, United Kingdom

Security Engineer

Posted 1 week ago by iXceed Solutions


The Security Engineer role is focused on enhancing mobile application security within a high-profile project. Candidates...

  • Rate Negotiable
  • Category Inside
  • Work type Hybrid
  • Location London Area, United Kingdom

Mobile Automation Tester

Posted 1 week ago by CSI GLOBAL LTD


The Mobile Automation Tester role is a contract position based in Sheffield, UK, focusing on automation testing for a co...

  • Rate Negotiable
  • Category Inside
  • Work type Undetermined
  • Location Sheffield, England, United Kingdom

About Our Inside IR35 Penetration Tester Contract Roles

What does a penetration tester contractor do?

The Penetration Tester contractor role centres on the ability to conduct authorised simulated attacks against an organisation's systems, networks, applications, and people in order to identify security vulnerabilities before malicious actors can exploit them. The work is methodical and technically demanding, requiring the contractor to think and operate like a sophisticated attacker while remaining within the rules of engagement and documenting all findings with the rigour needed to support remediation. Penetration testing contracts span a range of scopes: infrastructure tests targeting internal or external network infrastructure, web application tests against specific applications and APIs, mobile application tests on iOS and Android, social engineering and phishing simulations, and full red team exercises that simulate an advanced persistent threat across a complete attack chain.

Penetration Tester contractors are expected to have deep technical knowledge of offensive security techniques across the relevant domains. Web application penetration testing requires expert-level familiarity with the OWASP Testing Guide, Burp Suite Professional for intercepting and manipulating web traffic, and the ability to manually identify and verify complex vulnerabilities including business logic flaws that automated scanners miss. Network penetration testing requires knowledge of Active Directory attack techniques including Kerberoasting and Pass-the-Hash, post-exploitation and lateral movement methodology, and tools including Nmap, Metasploit, and Bloodhound. Red team contractors need experience with command and control frameworks such as Cobalt Strike or Havoc, custom implant development, and the operational security practices needed to simulate advanced adversaries convincingly. CREST CRT or CREST CCT, OSCP, and CHECK Team Leader credentials are the recognised benchmarks in the UK market and are frequently required by financial services and government clients.

What is the market like for penetration tester contractors?

Penetration Tester contracting is one of the most consistently in-demand and well-paying specialisms within the cybersecurity contractor market. Regulatory requirements for regular penetration testing across financial services, healthcare, critical national infrastructure, and e-commerce ensure a structural floor of demand, and the growing recognition that compliance-driven testing should be supplemented by more sophisticated red team assessments is expanding the market upwards. CREST-certified testers with CHECK approval are in particularly strong demand across government and financial services, where these credentials are required for sensitive system testing. Supply of genuinely skilled penetration testers is limited by the depth of knowledge required and the length of time needed to develop that expertise, maintaining strong rates across the discipline.

What does Inside IR35 mean?

IR35 is UK tax legislation that determines whether a contractor is genuinely self-employed or working in a manner that resembles employment. When a contract is classified as inside IR35, income tax and National Insurance are deducted at source, typically via an umbrella company or agency PAYE. Headline day rates on inside IR35 engagements are generally higher than equivalent outside IR35 roles to account for the tax and employment cost structure.

Inside IR35 determinations are made where the working arrangements are considered to resemble employment, based on factors including the level of client control, the absence of a genuine right of substitution, and the presence of mutuality of obligation. Since April 2021, the end client is responsible for making this determination for medium and large private sector organisations. Many employers in financial services, government, and professional services assess the majority of their contractor engagements as inside IR35.

On QualityContracts.co.uk, approximately 49% of roles with a stated IR35 status are classified as inside IR35, making it the most common arrangement across the contract market. The proportion varies by sector and role type. Each listing on this page displays its IR35 status where provided by the hiring organisation.

What penetration tester roles are usually Inside IR35?

Around 55% of penetration testing contracts with a stated status are inside IR35. These tend to be in organisations with in-house offensive security teams that conduct continuous testing across their application and infrastructure estate. Financial services firms subject to CBEST and TIBER-EU testing requirements and government departments with ongoing security testing programmes hire pen testers as embedded team members. The inside IR35 pen testing market demands broader skills than one-off assessments, including red teaming, social engineering, and threat intelligence.

How much do penetration tester contractors usually earn when working Inside IR35?

Contract rates for penetration tester roles typically range from £500 to £900 per day, depending on the scope of the role, required expertise, and the delivery expectations of the engagement. Inside IR35 rates are typically 15% to 30% higher than equivalent outside IR35 roles to account for tax and national insurance deducted at source by the fee-payer.

How many Inside IR35 penetration tester vacancies are there on Quality Contracts?

Over the past twelve months, we have tracked over 150 penetration tester contract roles across the site. Around one third of the roles currently listed on the site fall Inside IR35. Data reviewed up to June 2026.