Penetration Tester

Job Title: Penetration Tester
Location: Leeds / Hybrid
Reports To: Head of Cyber Services
Salary: £55,000 - £60,000
Travel: Occasional client site visits

We're a rapidly growing cybersecurity reseller and MSP delivering cutting-edge security solutions across network, endpoint, cloud, and offensive security testing. Our mission: empower clients to expose and eliminate critical vulnerabilities before attackers do.

We're expanding our offensive security team and need an experienced Penetration Tester to deliver high-impact, real-world security assessments that drive tangible improvements.

You will simulate sophisticated cyberattacks across client environments - from networks and web apps to cloud and endpoints - exposing weaknesses before adversaries can exploit them. Your findings will guide clients to stronger, more resilient security postures.

• Lead internal and external penetration tests, including infrastructure, web, wireless, cloud, and social engineering.

• Execute red team, purple team, and breach simulation exercises tailored to client maturity and objectives.

• Identify and safely exploit vulnerabilities to demonstrate real business impact.

• Deliver clear, actionable reports tailored to both technical teams and executives.

• Drive client engagement through scoping calls, meetings, and remediation planning.

• Continuously refine testing methodologies, tools, and techniques.

• Collaborate closely with cybersecurity, managed services, and compliance teams to integrate offensive findings into wider risk strategies.

• Stay ahead of emerging threats, exploits, and attack techniques through ongoing research.

• 2 to 5+ years of hands-on penetration testing experience across network, web, wireless, and cloud environments.

• Expert with core tools: Burp Suite, Metasploit, Cobalt Strike, Nmap, and custom scripting.

• Deep understanding of vulnerabilities (OWASP Top 10, MITRE ATT&CK) and exploitation methods.

• Experience delivering reports aligned to PTES, OWASP, NIST, or OSSTMM standards.

• Exceptional communicator who can translate complex technical issues for diverse audiences.

• Proven certifications like OSCP, eCPPT, CRTO, CREST CPSA/CRT, or equivalent.

• Red team, purple team, or adversary emulation experience.

• Programming/scripting skills (Python, PowerShell, Bash).

• Cloud pentesting experience (AWS, Azure, GCP).

• Familiarity with threat modeling or risk-based vulnerability assessments.

• Advanced certifications such as OSCE, OSEP, OSWE, CRTP, CREST CRT/CCT.

Join us if you want to make a real impact, tackle diverse challenges, and grow within a dynamic, client-focused security team.

Eames Consulting is acting as an Employment Agency in relation to this vacancy.