Security Penetration Tester – Reading, Berkshire in Exeter

A Security Penetration Tester will support the design, implementation, and maintenance of TVM (Threat & Vulnerability Management) solutions, controls and processes across the organisation. The role involves liaising with Digital teams to ensure appropriate mitigation and remediation of vulnerabilities detected across the IT estate. This role requires an understanding of TVM concepts, technologies, and best practices, and the ability to collaborate effectively with cross‑functional teams. The ideal candidate will possess strong communication skills and be committed to ensuring the highest level of security, compliance, and user experience.

Security Clearance: CTC (Counter Terrorist Check) clearance is essential. You must currently hold or be able to attain CTC clearance for this role.

What you’ll be doing as a Security Penetration Tester:

• Help support and develop an internal penetration testing function.
• Conduct network, application penetration testing, code and security reviews.
• Identify and exploit vulnerabilities through proof‑of‑concept testing.
• Support vulnerability management across the enterprise, ensuring that a framework for identification, categorisation and mitigation exists and is implemented and maintained.
• Support the creation of the operating model for vulnerability management, ensuring it is shared, agreed and operates effectively across the business.
• Develop and maintain penetration testing documentation, policies, and procedures.
• Integrate cyber security solutions (e.g., vulnerability scanning tools) with existing systems, applications, and infrastructure.
• Evaluate and recommend technologies, tools, and vendors to meet business needs.
• Investigate newly identified cyber security vulnerabilities and provide appropriate mitigation actions.
• Liaise and coordinate with technology and business stakeholders in relation to cybersecurity patching and vulnerability management issues/actions.
• Maintain a cyber threat assessment methodology, align to evolving industry standards and integrate into BAU and project‑based business processes.
• Support proactive threat hunting for new and emerging cyber threats.
• Develop and maintain dashboards with cyber security threat and vulnerability metrics.
• Support compliance with relevant industry standards, regulations, and best practices, such as GDPR, NIS and ISO 27001.

What you should bring to the role:

• Strong knowledge of manual penetration testing techniques and confidence with operating systems and tools such as Tenable, Burp Suite, Kalli Linux.
• Exposure to remediating vulnerabilities and patch management in a complex business environment.
• Experience in remediating cyber risks in an evolving digital estate.
• Experience in a penetration testing enterprise environment.
• Ability to prepare detailed reports and present findings to key stakeholders.
• Cyber security industry certification(s) such as CSTM/ CRT/ OSCP/CTL.
• Understanding of different patching management techniques and approaches for different technology stacks (e.g. SaaS, IaaS, End‑User Computing, Server Estate).
• Knowledge of TVM concepts, technologies, and best practices, including OSINT tools, vulnerability assessment, threat modelling.

What’s in it for you?

• Competitive salary of up to £72,000 per annum depending on experience.
• Annual leave – 26 days holiday per year, increasing to 30 with length of service (plus bank holidays).
• Generous pension scheme through AON.
• Performance‑related pay plan directly linked to company performance measures and targets.
• Access to a range of health and wellbeing benefits, including annual health MOTs, access to physiotherapy and counselling, Cycle to Work schemes, shopping vouchers, and life assurance.