Offensive Security Tester

NTT DATA, a global leader in security services, is seeking a CREST-certified Offensive Security Tester to join its UK Security Practice. This role involves conducting advanced penetration testing engagements, identifying vulnerabilities across diverse IT environments, and providing actionable remediation guidance to enhance client security postures. The ideal candidate will have a strong background in offensive security, a deep understanding of attack techniques, and excellent communication skills to deliver impactful results.

Key Responsibilities:

• Conduct comprehensive penetration tests across web applications, network infrastructure, and mobile applications.
• Perform external and internal network penetration testing using industry-standard methodologies.
• Execute wireless security assessments, social engineering engagements, and red team exercises.
• Conduct application security testing, including API and web service assessments.
• Vulnerability Assessment and Analysis
• Identify, validate, and prioritize security vulnerabilities discovered during testing.
• Analyze attack paths and assess the business impact of identified vulnerabilities.
• Develop proof-of-concept exploits to demonstrate security risks.
• Technical Reporting and Communication
• Produce detailed technical reports documenting findings, risks, and remediation recommendations.
• Create executive summaries highlighting business impact and strategic risk concerns.
• Present findings to technical teams and management stakeholders.
• Testing Methodology and Tool Management
• Follow industry-standard penetration testing methodologies (e.g., OWASP, PTES, NIST).
• Maintain and update penetration testing tools and exploitation frameworks.
• Stay current with the latest attack techniques, vulnerabilities, and security research.
• Client Engagement and Support
• Communicate effectively with clients throughout testing engagements.
• Coordinate testing activities to minimize business disruption.
• Support scoping discussions and provide security awareness briefings to client teams.

What experience you’ll bring:

• Certifications
• CREST Registered Penetration Tester (CRT) certification required.
• Must meet UK SC Clearance eligibility guidelines.
• Additional certifications preferred (e.g., OSCP, GPEN, CEH).
• Professional Skills
• Strong technical writing and verbal communication skills.
• Ability to explain complex technical issues to non-technical audiences.
• Excellent time management and attention to detail.
• Education and Experience
• Bachelor’s degree in computer science, Cybersecurity, or related field.
• Direct experience working in government, military, or intelligence organizations advantageous.
• 3–5 years of experience in penetration testing or offensive security roles.
• Preferred Qualifications
• Experience conducting red team exercises and adversarial attack simulations.
• Familiarity with threat modeling and risk assessment methodologies.
• Background in information security or IT security operations.

Success Metrics (6–12 Months)

• Complete a minimum of 10 penetration testing engagements per quarter.
• Achieve client satisfaction ratings of 90% or higher for testing services.
• Deliver high-quality technical reports with zero critical errors.
• Stay within defined scope and timelines for all engagements.

We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation.