Internal Pentester

Internal Penetration Tester - Hybrid in London - Inside IR35 - 6 months

We are seeking an experienced Internal Pentester to join an international client secure their networks. This critical role, based in London (2-3 days per week), requires deep expertise in conducting manual and automated security assessments across networks, applications, cloud platforms, and infrastructure. You will identify and exploit vulnerabilities, simulate real-world attacks, and deliver actionable remediation guidance to strengthen defenses.

Key Responsibilities:

• Plan and execute penetration tests - perform manual and automated testing across applications, APIs, internal/external networks, cloud environments, and Active Directory.
• Identify, exploit, and validate vulnerabilities - uncover security flaws such as insecure authentication, authorization bypasses, misconfigurations, and privilege escalation paths.
• Simulate real-world attacks - use adversary techniques and offensive tools to test the resilience of networks, systems, and security controls.
• Develop detailed reports - produce both technical and executive-level documentation outlining findings, risk impact, and remediation steps

What You Will Ideally Bring:

• Application security knowledge - strong grasp of OWASP Top 10 and API security issues.Contract Details:
• Hands-on pentesting experience - 3-7+ years in penetration testing, red teaming, or offensive security across networks, cloud, AD, and web apps.
• Offensive security tooling - expertise with Nmap, Nessus, Masscan, Burp Suite, Metasploit, Cobalt Strike, Mimikatz, SQLmap, ScoutSuite, Pacu, etc.
• Reporting expertise - ability to produce professional pentest reports with CVSS scoring and MITRE ATT&CK mapping for both technical and executive stakeholders.

Contract Details:

• Duration: 6 months (with view to extend)
• Day Rate: Up to £500 per day (Inside IR35)
• Location: London (3x a week)
• Start Date: ASAP