Role: Pen tester
Rate: Outside IR35
Location: 1-2 days a week onsite in Croydon
Duration: 6 months initially
SC clearance required
This role supports the strategic shift towards internal assurance, reducing reliance on external ITHC suppliers, and aligning with Secure-by-Design (SbD) principles.
You will work closely with stakeholders to identify vulnerabilities early in the development lifecycle, contribute to the capability build, and help shape the future of security testing across the department.
Key Responsibilities
Conduct internal penetration testing across applications, infrastructure, and end user devices (EUDs), including POISE and MacBook platforms.
Perform scenario-based testing aligned with SbD principles and DSA security non-functional requirements.
Collaborate with development teams to integrate findings into JIRA workflows for rapid remediation.
Support the testing pipeline, including planning, execution, and reporting of penetration tests.
Maintain compliance with NCSC guidance and Home Office security standards.
Desirable Qualifications
Certifications: OSCP, CREST CRT, CTL Web/Inf, , CEH.
Experience with cloud security (AWS, Azure) and containerised environments.
Essential Skills & Experience
Hands-on experience with penetration testing tools.
Strong understanding of OWASP, NIST SP 800-53, ISO 27001, and CIS Benchmarks.
Familiarity with Secure-by-Design principles and CI/CD pipeline integration.
Experience testing EUDs under operational constraints (e.g. no destructive tools, CSOC coordination).
Ability to interpret and apply security NFRs across diverse environments.
Proficiency in JIRA, SharePoint, and vulnerability management platforms.
Attributes
Strong stakeholder engagement and communication skills.
Ability to work independently and as part of cross-functional teams.
Commitment to continuous improvement and knowledge sharing.
Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment which can take up to a minimum 10 weeks. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds.
Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.
