
Penetration Tester

Lawrence Harvey
Posted 7 days ago, valid for 3 days
Salary

£80,000 - £100,000 per year

Contract type

Full Time

By applying, a CV-Library account will be created for you. CV-Library's Terms & Conditions and Privacy Policy will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

  • A rapidly growing leader in proactive cybersecurity services is seeking a Security Consultant with 2–3+ years of experience in mobile application penetration testing.
  • The role involves performing penetration testing on mobile applications and APIs, identifying vulnerabilities, and producing actionable security reports.
  • Candidates should have hands-on experience with offensive security tools such as Kali Linux and Burp Suite, as well as mobile-focused tools like Frida and Drozer.
  • Strong communication skills and the ability to work independently while collaborating with teams are essential for this fully remote position within the UK.
  • The position offers a competitive salary, which is commensurate with experience.

A rapidly growing leader in proactive cybersecurity services is expanding its consulting team and seeking a Security Consultant with a strong background in mobile application penetration testing. This role is ideal for a hands-on penetration tester who enjoys uncovering complex vulnerabilities and delivering meaningful security improvements for enterprise clients.

 

You will work alongside experienced security professionals, leveraging advanced tooling, automation, and research-driven methodologies to perform deep technical testing across mobile applications and APIs. The focus of this role is on producing high-quality, actionable findings that help organizations strengthen their security posture.

 

Key Responsibilities

  • Perform penetration testing engagements on mobile applications (iOS and Android) and associated APIs

  • Identify weaknesses related to data storage, network communications, authentication, and cryptography

  • Analyze mobile application behaviour, sandboxing, and OS-level security controls

  • Produce clear, well-structured penetration testing reports aligned with client-specific standards and workflows

  • Collaborate with internal teams and clients to explain findings and recommend remediation strategies

  • Research and develop new tools, techniques, and testing methodologies to improve assessment quality

  • Support consulting operations through documentation, reporting, and engagement-related administrative tasks

Required Qualifications

  • 2–3+ years of experience conducting application or mobile penetration testing

  • Hands-on experience with offensive security tools such as:

    • Kali Linux, Burp Suite, Metasploit, Nessus

    • Mobile-focused tools including Frida, Drozer, Objection, and Ghidra

  • Solid understanding of mobile data security, encryption, and secure communications

  • Strong working knowledge of Android and iOS operating systems

  • Familiarity with common offensive and defensive security concepts and network protocols

  • Deep understanding of the OWASP Top 10 and relevant security frameworks

  • Working knowledge of Windows, Linux, and macOS internals

  • Ability to work independently while collaborating effectively within a team

  • Strong written and verbal communication skills

  • Willingness to travel up to 5–10%

  • Ability to support an 8-hour workday, with occasional evenings or weekends as required by project timelines

Preferred Experience

  • Mentoring or coaching junior team members

  • Sharing security knowledge through blogs, webinars, or conference presentations

  • Experience with scripting or programming languages such as Python, Ruby, Perl, Java, C/C++, or C#

  • Industry-recognized offensive security certifications (e.g., OSCP, GPEN, GXPN, GWAPT, CISSP)

  • Experience with ARM reverse engineering

  • Development of Frida scripts or tools to bypass protections or exploit mobile application vulnerabilities

 

This is a fully remote position within the UK.

 

If interested please do apply! 

 
