Penetration Tester

About Us

We're a rapidly growing cybersecurity reseller and MSP delivering cutting-edge security solutions across network, endpoint, cloud, and offensive security testing. Our mission: empower clients to expose and eliminate critical vulnerabilities before attackers do.

We're expanding our offensive security team and need an experienced Penetration Tester to deliver high-impact, real-world security assessments that drive tangible improvements.

The Role – What You'll Own

You will simulate sophisticated cyberattacks across client environments – from networks and web apps to cloud and endpoints – exposing weaknesses before adversaries can exploit them. Your findings will guide clients to stronger, more resilient security postures.

• Lead internal and external penetration tests, including infrastructure, web, wireless, cloud, and social engineering.
• Execute red team, purple team, and breach simulation exercises tailored to client maturity and objectives.
• Identify and safely exploit vulnerabilities to demonstrate real business impact.
• Deliver clear, actionable reports tailored to both technical teams and executives.
• Drive client engagement through scoping calls, meetings, and remediation planning.
• Continuously refine testing methodologies, tools, and techniques.
• Collaborate closely with cybersecurity, managed services, and compliance teams to integrate offensive findings into wider risk strategies.
• Stay ahead of emerging threats, exploits, and attack techniques through ongoing research.

What You Bring – Skills & Experience

• 2 to 5+ years of hands-on penetration testing experience across network, web, wireless, and cloud environments.
• Expert with core tools: Burp Suite, Metasploit, Cobalt Strike, Nmap, and custom scripting.
• Deep understanding of vulnerabilities (OWASP Top 10, MITRE ATT&CK) and exploitation methods.
• Experience delivering reports aligned to PTES, OWASP, NIST, or OSSTMM standards.
• Exceptional communicator who can translate complex technical issues for diverse audiences.
• Proven certifications like OSCP, eCPPT, CRTO, CREST CPSA/CRT, or equivalent.

Bonus Points

• Red team, purple team, or adversary emulation experience.
• Programming/scripting skills (Python, PowerShell, Bash).
• Cloud pentesting experience (AWS, Azure, GCP).
• Familiarity with threat modeling or risk-based vulnerability assessments.
• Advanced certifications such as OSCE, OSEP, OSWE, CRTP, CREST CRT/CCT.

Join us if you want to make a real impact, tackle diverse challenges, and grow within a dynamic, client-focused security team.

Eames Consulting is acting as an Employment Agency in relation to this vacancy.