Security Consultant - Penetration Tester
Hybrid
London, United Kingdom
Full Time
25-04-2025
Job Specifications
Security Consultant - Penetration Tester
Role Overview
:
We are seeking a highly skilled and experienced Offensive Security Consultant with a strong focus understanding on threat intelligence and attack methods. The ideal candidate will be responsible for managing and conducting advanced penetration testing engagements, leveraging threat intelligence to simulate real-world attacks across a variety of environments, including OT, IT, web applications, cloudinfrastructure, and APIs. This role requires a deep understanding of adversarial approaches, excellent communication skills, and the ability to provide strategic and actionable recommendations to significantly enhance our clients' security postur
e.
What you'll be doi
ng:
Lead and manage the full lifecycle of complex penetration testing engagements, applying a strong threat intelligence-led appro
ach.Execute advanced penetration tests across a broad range of environments (applications, infrastructure, web, APIs, O365, Azure, AWS, OT), directly applying your knowledge of current threat landscapes and attacker T
TPs.Develop and maintain sophisticated test plans, execution plans, and targeted use cases directly informed by in-depth threat intelligence analy
sis.Identify and prioritize OT and IT assets, services, and systems based on their criticality and potential exposure to identified thre
ats.Strategically prioritize, plan, and schedule penetration testing engagements based on comprehensive threat assessments and client-specific requireme
nts.Produce high-quality, detailed reports that clearly articulate technical findings, potential business impact, and strategic, actionable remediation recommendations for both technical and non-technical stakehold
ers.Clearly and effectively communicate complex security concepts, adversarial tactics, and critical threat intelligence insights to diverse audien
ces.Collaborate closely with client IT and cybersecurity teams to drive the enhancement of security protocols and ensure effective, threat-informed remediation of identified vulnerabilit
ies.Track the progress of remediation efforts and provide regular, concise updates to stakeholders, highlighting the reduction of identified thre
ats.Conduct proactive security research and contribute to the creation of technical content on emerging threats, advanced attack techniques, and threat intelligence-led testing methodolog
ies.Contribute to strengthening security monitoring (blue team) capabilities by providing valuable insights into offensive techniques and adversarial behaviors to enhance detection and response effectiven
ess.Drive the patching regime for identified vulnerabilities, prioritizing remediation efforts based on threat intelligence and the potential for exploitation by advanced threat act
ors.
What you'll
bring:
Minimum of 5 years of demonstrable professional experience in penetration testing, with a strong emphasis on understanding, emulating, and leveraging adversarial tactics and threat intell
igence.Comprehensive understanding of OT and IT asset profiles, technologies, and security best practice principles, with a proven ability to contextualize them within the current threat lan
dscape.In-depth knowledge of network protocols, cryptography, security vulnerabilities, and common attack vectors employed by sophisticated threat
actors.Demonstrated proficiency in utilizing a wide range of penetration testing tools and methodologies, including those specifically used for threat intelligence analysis and appli
cation.Proven experience in scoping and executing complex penetration tests, particularly those directly informed and driven by threat intell
igence.Exceptional written and verbal communication skills, with the ability to articulate complex technical findings and nuanced threat intelligence insights clearly and concisely to diverse aud
iences.Strong organizational and time management skills, with a proven ability to effectively manage and prioritize multiple concurrent engag
ements.Current CREST CRT certification or higher is ess
ential.Must hold or be eligible for SC Cle
arance.
Desirable
Skills:
Experience with Breach Attack Simulation tools and metho
dologies.Experience in Vulnerability Management processes and integrating threat inte
lligence.Understanding of Risk Management frameworks and how threat intelligence informs risk ass
essments.Hands-on experience with security reviews of AWS, Azure, and GCP environments, incorporating cloud-specific
threats.Experience with ISO 27001 auditing/implementation, understanding the role of threat intelligence in co
mpliance.Other advanced cybersecurity certifications such as CISM, CISSP, ECSA, C
REST CCT.
About the Company
NTT DATA – a part of NTT Group – is a trusted global innovator of IT and business services headquartered in Tokyo. We help clients transform through consulting, industry solutions, business process services, digital & IT modernization and managed services. NTT DATA enables them, as well as society, to move confidently into the digital future. We are committed to our clients’ long-term success and combine global reach with local client attention to serve them in over 50 countries around the globe. Know more
Related Jobs
- Company Name
- Double Eleven
- Job Title
- Senior Network Programmer
- Job Description
- We're looking for a Senior Network Programmer to join our award winning team in Middlesbrough (UK), home to the beautiful North Yorkshire coastline and countryside. As a Senior Network Programmer at Double Eleven, you'll play a major part in shaping how players experience our games. By building new features, optimising network performance and creating core mechanics, you'll ensure that we continue to create best selling games. Working with structure, you'll have the creative freedom to work in white space. In this role, you'll be the guiding force behind our talented team of developers, helping them grow, succeed, and deliver high-quality code. You'll work closely with diverse teams across various disciplines, combining your expertise with that of designers, artists, and developers to transform innovative concepts into immersive, interactive experiences that captivate and engage players. As a global gaming company, we've enabled millions to conquer Minecraft Dungeons, battle in Rust Console Edition and create new adventures in Fallout 76. Recently, we collaborated with Rockstar Games to bring Red Dead Redemption to the Nintendo Switch and PlayStation 4 as well as partnered with Obsidian Entertainment on Grounded: Fully Yoked Edition for Nintendo Switch and PlayStation 4 and 5. Double Eleven is a place where our people come first. Our 400-person team proudly represents over 30 nationalities. We strive to avoid crunch, we offer flexible working hours to allow you to truly enjoy work/life balance whilst making great games and any overtime is always planned, optional and paid. We can support UK relocation and have both a dedicated People and Operation teams on standby to assist you. On this occasion, we're unable to sponsor a visa for this role. What You'll Be Doing Work with every discipline to make sure our games perform great online and offline Define and develop robust networking code that leads the field Delight players with fantastic online performance Work with the lead programmer on creating the best architecture following best practices at an industry standard Collaborate with the QA Department to identify causes for any problems and possibly apply fixes Help develop highly efficient code for various projects Managing and mentoring team members around direction, knowledge and applied practice Implement industry standard security measures Implement industry standard multiplayer features on current gen/next gen architecture Come up with new exciting ways of approaching problems What We're Looking For Significant experience developing in C++ Great team working and communication skills Experience of developing and shipping a game which has online components Knowledge of low-level network APIs Knowledge of TCP/UDP Sockets, WebSockets, WebRTC and Concurrency Knowledge of various secure encryption techniques i.e: Open SSL Experience of the platform specific services and APIs on Xbox Live, PSN and Switch Knowledge and implementation of anti-cheat techniques Solid foundation of mathematics Computer Science degree Knowledge of Unreal Engine Qualifications All relevant qualifications considered What To Expect Working life at Double Eleven Start your day any time between 8:00am and 10:00am 35 working hours per week with a 1 hour lunch break (with the opportunity to flex down to 30 minutes or up to 2 hours) Opportunity to apply for hybrid working (up to 2 days working from home per week) 28 days annual leave (20 days annual leave + 8 days bank holiday) 1 day leave for your birthday and 1 day leave if you're moving house Up to 10 days discretionary annual leave during our end of year break Potential for annual performance bonus 5 additional days annual leave for 5 years service and a further 5 days annual leave for your 10 years service milestone A brand new, state-of-the-art studio facilities that includes a market hall serving nutritious, subsidised meals, round-the-clock gym access, an auditorium and more Free breakfast options, juice, hot drinks and fruit Employee referral bonus (up to £2000!) Electric Car Scheme Cycle to Work scheme Free game codes, game swag and merchandise Family-friendly leave available Christmas Saving Scheme Free parking Best-in-class tools and workflows so you can focus on creativity Professional development and wellbeing Vitality Private Healthcare, discounts and rewards for you, your spouse and children (upon the successful completion of your 6 month probationary period) Access to mental health and wellbeing support via Plumm (includes 4 free video therapy sessions per month for both the employee and up to 3 family members aged 18+), unlimited text therapy, courses, meditations A personalised development plan with dedicated support tailored to your growth and goals Access to an accredited Academy providing professional qualifications (and access to 500 UK discounts and offers via TOTUM when registered as a student) A dedicated Workplace Experience team responsible for work environments, workplace and quality of employee life services to help foster collaboration, creativity and innovation In-studio wellbeing programmes and People team support Team life Free activities via our Bus Tours programme (where on occasion, partners and children are welcome to join you) Many team events to celebrate team and game milestones Sponsored team activities including football, basketball, book club, movie club and more Opportunity to contribute to our internal Employee Diversity and Equality Network Ways to reach us If you have a general query or if you need support with your application and/or an alternative way to apply, please do not hesitate to contact our Talent team at jobs@double11.com
- Company Name
- CENSUS
- Job Title
- Technical Project Manager - Embedded Systems Security (UK Nationals Only)
- Job Description
- About CENSUS CENSUS is an internationally acclaimed Cybersecurity services provider. We support the needs of multiple industries, providing IT and OT security services to public and private organizations around the world, ranging from financial institutions and critical infrastructure to automotive and secure communications, including Fortune 500 companies. Powered by cutting-edge research, scientific analysis and in-depth engineering experience across various industries & technologies, CENSUS delivers unparalleled security consulting & assessment services for products (software, services, devices, and large-scale platforms), infrastructure, and organizations. Learn more about CENSUS at census-labs.com. About The Job / Key Responsibilities CENSUS’ bespoke cybersecurity services are built upon a talented pool of Security Engineers, whose role extends beyond mere adherence to industry best practices. Our Technical Project Managers play a pivotal role in formulating and executing service delivery strategies that align with the rigorous quality standards set by CENSUS. Drawing from their robust technical background and leveraging their project & stakeholder management skills, TPMs serve as the primary facilitators empowering our clients to effectively maximize the potential of our security and advisory teams. Skills We are looking for talented & ambitious professionals to grow our Product Security Professional Services team and join our ongoing mission to deliver in-depth and top-tier cybersecurity services to our valued clients. As part of this role, you will use your technical background - in the Embedded Systems Security domain – along with your Project Management skills to enable a successful service delivery to our clients. You will work side-by-side with our clients’ development and security teams & partners, under engagements / projects that involve: Working with our clients to understand their requirements and scope, size, plan the corresponding technical activities to efficiently meet those (consulting, assessments, audits, evaluations, security architecture development, etc.). Receiving high-level task & product descriptions and decomposing them to smaller & well-defined technical activities, which are then assigned to the corresponding security engineering & consulting teams. Leading project’s technical team within the scope of the engagement. Documenting and presenting product security risks in both technical and business-oriented language. Conducting technical QA and presenting to both technical and business audiences, the technical team deliverables (findings, technical reports, observations, improvement recommendations, operational methodologies, etc.) Building and developing relationships with cross-client teams and partners. Owning & driving the continuous improvement of the technical quality of the project team deliverables. Ensuring client satisfaction and business growth by communicating lessons learned and key success factors to the business development team. Minimum Qualifications MSc or BSc in Electrical Engineering, Computer Science, Computer Engineering, Electronics Engineering, or equivalent practical experience. 4+ years of experience in embedded, general- or special-purpose computer system-level software or firmware security. Experience can be an engineering / development position (e.g., consumer or enterprise), an assessment / consultancy role, an equivalent role in other engineering organizations, or a combination of them. 2+ years of experience in technical project management in a role related to product or information security. Key Skills & Preferred Qualifications Experience with Embedded Systems, Linux, or Real Time Operating systems security concepts. Experience with reviewing system security architecture & engaged technologies. Experience with ARM architectures & platforms. Experience with C, C++, Rust, or Assembly (ARM) programming languages in the context of system software (bootloaders, drivers, kernel, system services, etc.). Experience with secure boot, firmware & software integrity, OTA updates, and hardware-backed device attestation technologies. Experience with cryptographic primitives and cryptographic best practices in the context of system security (inline crypto engines, storage encryption, attestation, HW key rooting, derivation, wrapping/unwrapping, etc.). Familiarity with identifying and reporting security vulnerabilities on system software (memory corruption, side-channel attacks, business logic, etc.). Familiarity with product security assessments and S-SDLC processes. Experience with managing technical teams. Experience with translating complex technical concepts into relevant messages suitable for various audiences (engineering and different tiers of management). Experience with stakeholder management for security engineering deliverables. Experience working with international teams located in other regions and time zones worldwide. Excellent leadership, ownership, problem solving skills, and willingness to learn/grow. Proficient in English and excellent communication skills. Traveling may be required
- Company Name
- NVIDIA
- Job Title
- Senior Silicon Security Architect
- Job Description
- NVIDIA has been transforming computer graphics, PC gaming, and accelerated computing for more than 25 years. It's an outstanding legacy of innovation that's fueled by great technology—and outstanding people. Today, we’re tapping into the unlimited potential of AI to define the next era of computing. An era in which our GPU acts as the brains of computers, robots, and self-driving cars that can understand the world. Doing what’s never been done before takes vision, innovation, and the world’s best talent. As an NVIDIAN, you’ll be immersed in a diverse, encouraging environment where everyone is motivated to do their best work. Come join the team and see how you can make a lasting impact on the world. NVIDIA is seeking a network security research architect who is interested in a chance to define, research, and implement next-generation security features for data centers’ networks. The position will take on a lead role, working with teams with varied strengths across NVIDIA and with external partners to research security requirements for networking products. What You'll Be Doing Lead, research, design, develop, and implement solutions for attestation and confidential compute in network devices. Apply innovative security primitives using attestation capabilities. Collaborate across external and internal teams and with customers. Define next generation architecture following standards bodies and developing proof-of-concepts for attestation and confidential compute. What We Need To See MSc or PhD in Electrical Engineering, Computer Science, or Computer Engineering or equivalent experience. At least 5 years of experience. Background in security-by-design Background in attestation protocols such as DICE, SPDM, TPM, CoRIM Programming and debugging fundamentals across languages such as Python, and C/C++. Strong communication skills and a genuine passion for working together as a team are vital. Ways To Stand Out From The Crowd Proven security research experience and publications in top security conferences. Background in confidential compute and trusted execution environments solutions such as ARM CCA and PCIe TDISP Experience with high-scale deployment challenges and threat modeling Architectural background and hardware-software codesign. JR1996461
- Company Name
- Saab UK
- Job Title
- Cyber Security Lead
- Job Description
- Introduction: Saab UK is part of Scandinavia's largest defence company, bringing together the best of Swedish and British innovation. Saab offers world-leading solutions and services in defence, aviation, space, and civil security to keep people and society safe. Our UK presence has been growing at pace, meaning we can offer a wide range of opportunities for personal fulfilment and career growth. We currently employ over 500 people across eight sites in the UK, and our specialisations include software engineering, underwater robotics, radars, AI, and armed forces training. As part of the global entity Saab AB, Saab UK combines the innovative spirit of a start-up with the resources and expertise of a larger corporation. Globally, Saab employs over 22,000 people, with operations on every continent. Our partnerships with UK customers and industry mean we are able to deliver innovative solutions to complex challenges, anticipating the threats of tomorrow. We invest 23% of our annual revenue into research and development, collaborating with a range of partners including industry and academia. Saab is a company that offers our employees plenty of opportunities for growth and advancement. We embrace diversity and are committed to providing a workplace where individuals can thrive professionally, paving the way for future progression. We also recognise the need for a healthy work-life balance to ensure our staff have the chance to live a fulfilling life beyond the workplace. The Role: The Cyber Security Lead will lead the deployment and management of Cyber Security activities across the UK Saab operations in close co-operation with the business units, group security and the group IT operations in Sweden. The role will ensure compliance of UK operations to customer and group security standards. The role will work closely with UK Security and Group IT and Security teams to assist with compliance against CyberEssentials plus, ISO 27001 compliance and UK customer security requirements Responsibilities: Safeguards Saab UK networks and information system by identifying and solving potential and actual security problems. Protects systems by implementing and managing access privileges, control structures, and resources. Recognises problems by identifying abnormalities; reporting violations. Reporting on emerging threats together with the Group IT Security function Implements security improvements by assessing current situation; evaluating trends; anticipating requirements. Determines IT process violations and inefficiencies by conducting periodic audits. Upgrades system by implementing and maintaining security controls. Keeps users informed by preparing performance reports; communicating system status. Maintains quality service by following Saab Group IT standards. Maintains technical knowledge by attending educational workshops; reviewing publications. Systems accreditation for internal and external teams Leading IT Security Incident response process Required Skills: System administration Network security Problem solving Information security policies On-call network troubleshooting Firewall administration Network protocols Routers, hubs, and switches Collaboration and communication Process improvement Knowledge of systems accreditation for internal and external teams Experience and Qualifications: Bachelor's degree in Computer Science, Information Systems, or equivalent education or work experience 4+ years of prior relevant experience Advanced certifications in Security Standards Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defence-in-depth and common security elements. Hands-on experience analysing high volumes of logs, network data (e.g. Netflow, FPC), and other attack artifacts in support of incident investigations Experience with vulnerability scanning solutions In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g. Sentinel, Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk) Understanding of mobile technology and OS (i.e. Android, iOS, Windows), Experienced in Cloud Security principles As a National Security Vetting clearance is required for this role, applicants will be required to hold National Security Vetting clearance to SC level or have the ability to gain it. By submitting an application to Saab UK you consent to undertaking workforce screening activities that may include but are not limited to: Baseline Personnel Security checks, National Security Vetting, reference checks, verification of working rights and in all circumstances preferred candidates will be placed through a security interview.