Senior Penetration Tester/ Check Team Lead

CCL Solutions Group is seeking an exceptional Senior Penetration Tester with CHECK Team Leader Infrastructure (CTL-INF) qualifications to join our elite team of security professionals.

Location: Home based

Main Job Summary

This is more than just a job, we’re looking for individuals with a hacker’s mindset, deep technical expertise, and a relentless drive to secure the UK's most critical assets. You will be leading engagements across secure environments, delivering high-impact assessments, mentoring team members, and shaping the offensive security direction of the business. In return, we offer a highly supportive environment with structured mentoring, paid training days, and access to advanced tooling.

Main Duties & Responsibilities:

• Lead and deliver end-to-end penetration testing engagements across infrastructure and cloud environments.
• Manage and mentor junior CHECK team members, supporting their development and quality of delivery.
• Produce comprehensive, high-quality reports that identify risks, remediation strategies, and technical impact.
• Support red team simulations, infrastructure reviews, and adversary emulation where required.
• Contribute to internal R&D, tooling improvements, and the development of our offensive security services.

Required Skill Set & Experience:

This role requires a senior and mature person who can demonstrate leadership, honesty and integrity and who expects high standards. Please understand this is not an entry level role it is essential that you have:

• CHECK Team Leader certification (Cyber Scheme Team Leader - INF or CREST CCT-INF).
• Minimum of 2 years delivering CHECK engagements as a CTL.
• At least 3 years of hands-on penetration testing experience in enterprise environments.
• Deep understanding of infrastructure testing, Active Directory security, and cloud technologies (AWS, Azure, Kubernetes).
• Strong familiarity with tools such as Nmap, Burp Suite, Metasploit, Impacket, and SMBClient.
• Able to articulate technical findings to both technical and non-technical audiences in written and verbal formats.

How to be successful in this role?

To be successful in this role you will need a strong understanding of the following technical competencies:

• Solid grounding in OS and network fundamentals (Linux, Windows, Mac, TCP/IP stack).
• Knowledge of common attack techniques and mitigations (MITRE ATT&CK, OWASP Top 10).
• Familiarity with scripting and automation using Python, Bash, or PowerShell.
• Strong understanding of Active Directory attack chains and common privilege escalation paths.
• Experience interpreting logs and event outputs from OS and security appliances.

Certifications:

• OSCP, OSEP, CRTO, or other advanced offensive security qualifications.
• Programming/scripting in Python, Ruby, Go, C#, or Java.
• Experience in red teaming, threat emulation, or purple teaming.
• Agile experience and knowledge of the common production frameworks is highly desired.

Other Role Requirements:

• Must have been resident in the UK for a minimum of 5 years.
• Full UK driving licence.
• Ability to obtain (or currently hold) SC or DV clearance – this is non-negotiable and is set by the NSCS (National Cyber Security Centre) for all Check Members.
• Willingness to travel for client engagements or on-site support. Travel is within the United Kingdom.

CCL is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, religion or belief, marital status, or pregnancy and maternity.

In applying for a role you acknowledge that your personal data is necessary to consider you for the advertised role. Your information will be processed in accordance with the CCL Group Privacy Notice and retained for a maximum period of 12 months.

If you would like to apply for this role please send us your current CV and a covering email.