At a Glance
- Tasks: Join our Academy to learn and deliver penetration testing services while gaining hands-on experience.
- Company: Bridewell, a leading cyber security services company with a collaborative culture.
- Benefits: Enjoy 25 days holiday, flexible working, private healthcare, and a supportive environment.
- Other info: Receive mentorship and training from industry experts while working on real client projects.
- Why this job: Kickstart your career in cyber security and make a real impact on protecting organisations.
- Qualifications: No experience needed; just a passion for ethical hacking and problem-solving.
The predicted salary is between 25000 - 32000 £ per year.
One of the most exciting prospects in the UK cyber security sector today, Bridewell is a leading cyber security services company specialising in protecting and transforming critical business functions for some of the world’s most trusted organisations. We are the trusted partner for operators of essential services and provide end-to-end cyber security capabilities that help our clients overcome their security challenges, allowing them to operate safely and securely. Bridewell holds the Gold level, Investors in People award which we feel solidifies and reflects on the outstanding calibre that makes us truly one team.
The Opportunity
As an Academy Penetration Tester Consultant, you will join Bridewell’s 18-month Academy programme and begin your journey towards becoming a qualified offensive security professional. This pathway is designed for individuals with a strong interest in ethical hacking, technical problem solving and helping organisations understand and reduce cyber risk. Throughout the programme, you will develop the technical, consulting and client-facing skills needed to deliver high-quality penetration testing services across a range of environments. You will work alongside experienced penetration testers and offensive security consultants, gaining exposure to real client engagements while building the knowledge, confidence and professionalism required to succeed in a specialist security testing role.
During your first six months, you will build a strong foundation in penetration testing methodology, technical security principles, professional consulting behaviours and client delivery. You will work towards key early-career milestones including Cyber Scheme Foundation Level (CSFL), gain a UK Cyber Security Council Professional Title at Associate level and enrol on the Trainee Cyber Essentials Assessor (TCEA) pathway. This stage will focus on core technical skills, structured learning, shadowing experienced consultants and understanding how Bridewell delivers safe, ethical and high-quality security assessments. During this time, you will also shadow and work alongside experienced consultants, assisting with delivery of real client engagements.
Between months seven and twelve, you will continue to develop your practical testing capability and begin delivering more client-facing work. You will deepen your understanding of web application testing, vulnerability identification, reporting and remediation advice, while continuing to build the consulting skills needed to communicate findings clearly and effectively. During this stage, you will work towards Burp Suite Certified Practitioner (BSCP) and complete the Honeycomb Core Consulting Skills training.
In the final stage of the programme, from months thirteen to eighteen, you will focus on progressing towards recognised industry practitioner status. You will undertake the Cyber Scheme CSTM Practitioner Training, work towards Cyber Scheme Team Member (CSTM) exam and obtain your PraCSP Professional Title status leading to NCSC CHECK Team Member (CTM) status, as well as Cyber Essentials Plus Assessor. By this point, you will be expected to take on increasing responsibility across engagements, demonstrate sound technical judgement, and contribute to the delivery of penetration testing services with appropriate support and oversight.
You will be supported throughout by a dedicated one-to-one mentor, experienced consultants within the offensive security team, and structured access to learning platforms including HackTheBox VIP+ and TCM Security Academy. This combination of formal training, hands-on practice, mentoring and real client experience will give you the opportunity to build a strong foundation for a long-term career in penetration testing. By the end of the Academy, you will have developed the skills, qualifications and practical experience needed to progress into a penetration testing consultant role, helping Bridewell’s clients identify security weaknesses, understand technical risk and improve their resilience against real-world threats.
Qualifications Earned Through the Academy
- Cyber Scheme Foundation Level (CSFL)
- Cyber Scheme Team Member (CSTM)
- NCSC CHECK Team Member (CTM) Practitioner
- Cyber Security Professional (PraCSP)
- Cyber Essentials Assessor
Responsibilities
- Support the delivery of penetration testing engagements under the guidance of experienced consultants.
- Follow agreed methodologies, rules of engagement, legal boundaries and Bridewell quality standards.
- Carry out vulnerability identification, validation, evidence capture and initial risk assessment.
- Contribute to penetration testing reports by documenting findings, impact, evidence and remediation advice clearly and accurately.
- Support engagement preparation, including kick-off activities, connectivity checks and client communication.
- Escalate risks, blockers, unexpected findings or scope concerns promptly to the lead consultant or engagement manager.
- Communicate professionally with clients during meetings, updates, debriefs and written correspondence.
- Author penetration testing reports.
- Explain technical issues in a clear and accessible way to both technical and non-technical audiences.
- Take ownership of personal development across the Academy pathway, including training, certifications, mentoring and practical labs.
- Actively seek, receive and apply feedback from mentors, lead consultants, peers and quality assurance reviews.
- Manage time effectively across client delivery, training, certification preparation and internal activities.
- Collaborate positively with Academy peers, penetration testers, resourcing planning and wider Bridewell teams while demonstrating professionalism, curiosity and accountability.
Experience
- Minimum grade of 4/C in GCSE English Language and Maths (or equivalent).
- Preferred: A degree in Cyber Security, an equivalent qualification (such as Level 3 Apprenticeship) or completion of a Cyber Security-focused training course or bootcamp.
- No work experience is needed; this is an entry-level position. We are looking for someone who shows potential for these roles through transferable skills. Confidence, relationship building and a self-starter mentality are all welcome – alongside a huge eagerness to learn.
Benefits
- 25 days holiday – plus buy and sell options.
- Flexible working (around core office hours).
- Company pension.
- Employee shareholder scheme.
- Personal day & birthday off – after 1 year of service.
- Family leave – after 1 year of service.
- Enhanced maternity based on length of service.
- Life assurance.
- Electric vehicle scheme & cycle to work scheme.
- Private healthcare (incl. gym discounts and vision care).
Location
Bridewell operates a hybrid and flexible working policy; however you will be required to travel to different sites on occasion, in particular our London office.
Security Clearance
To be eligible for this job you must either hold UK security clearance or be eligible and willing to go through this security clearance. Bridewell values diversity and is an equal opportunity employer. We are dedicated to fostering an inclusive environment where all employees feel respected, supported and empowered to do their best work. If you require any reasonable adjustments throughout the interview process, please let us know.
Academy Penetration Testing Consultant in Cardiff employer: Bridewell
Bridewell is an exceptional employer in the UK cyber security sector, offering a robust Academy programme that equips aspiring penetration testers with the skills and qualifications needed for a successful career. With a strong emphasis on employee development, flexible working arrangements, and a supportive work culture, Bridewell fosters an inclusive environment where team members can thrive and contribute to meaningful projects that protect critical business functions. The opportunity to learn from experienced professionals and gain hands-on experience in real client engagements makes this role particularly rewarding for those passionate about ethical hacking and cyber security.
StudySmarter Expert Advice🤫
We think this is how you could land Academy Penetration Testing Consultant in Cardiff
✨Get Involved in Cybersecurity Communities
Join local cybersecurity meetups and online forums like Reddit or Discord. These communities are often buzzing with opportunities and can lead to job openings at companies like Bridewell. Plus, you’ll pick up valuable insights from experienced pros!
✨Show Off Your Skills Publicly
Contribute to open-source projects or try your hand at Capture The Flag (CTF) competitions. This not only hones your skills but provides solid evidence of your capabilities that we can showcase when applying for the trainee role at Bridewell.
✨Utilise University Career Services
As a trainee, take full advantage of your uni's career services. They often have ties with companies and can connect you to internships or trainee roles. Get involved in campus cybersecurity events, as they can be a gateway to meeting the right people.
✨Apply Through Our Website
When you're ready to apply for that exciting trainee position at Bridewell, don't forget to submit your application through our website. It'll make your application stand out and we love to see interested candidates taking that extra step!
We think you need these skills to ace Academy Penetration Testing Consultant in Cardiff
Some tips for your application 🫡
Show Off Your Skills:Cybersecurity is all about your technical know-how, so make sure to highlight any relevant coding languages or security protocols you've learned. If you've dabbled in penetration testing or familiarised yourself with tools like Wireshark or Metasploit, don't hold back – make it known!
Emphasise Your Eagerness to Learn:As a trainee, your potential will be more important than your experience. Use your cover letter to express your passion for cybersecurity and your motivation to absorb knowledge. Share any relevant coursework, certifications, or personal projects that show your drive and commitment to the field.
Tailor Your CV to Cybersecurity:Don't just list generic job experiences; instead, focus on roles or projects that showcase your problem-solving skills and attention to detail. If you have participated in Capture The Flag (CTF) competitions or completed online courses, make sure they shine on your CV. They matter!
Craft a Concise and Relevant Cover Letter:When writing your cover letter for Bridewell as a trainee in cybersecurity, keep it clear and to the point. Highlight your relevant skills and why you’re excited about learning and developing in this industry. Remember, we're looking for your personality as much as your credentials!
How to prepare for a job interview at Bridewell
✨Brush Up on Cybersecurity Fundamentals
As we're diving into a trainee role in cybersecurity, make sure you’re well-versed in the basics like network security, encryption, and firewall technologies. Expect some technical questions that test your understanding of these fundamentals, so grab those textbooks or online courses and give them a quick review!
✨Showcase Your Hands-On Experience
Even though you’re applying for a trainee position, having hands-on experience can really set you apart. If you've worked on any personal projects, like setting up a home lab or participating in hackathons, be ready to share those experiences during the interview. It shows your passion and willingness to learn in a practical sense!
✨Prepare for Scenario-Based Questions
Expect real-world scenarios that test your problem-solving skills. Interviewers often present hypothetical security breaches or vulnerabilities and ask how you'd respond. Practising these scenarios can help us articulate our thought processes and demonstrate our analytical skills effectively.
✨Express Your Eagerness to Learn
As a trainee, your motivation and eagerness to learn are what they're really after. Make sure to express your interest in new technologies and staying updated on industry trends. It's also a good idea to cite any relevant cybersecurity certifications you’re pursuing or considering—this shows initiative and commitment!