Penetration Tester
The Penetration Tester will be embedded within team to deliver agile, scenario-based, and on-demand security testing across digital services. This role supports the strategic shift towards internal assurance, reducing reliance on external suppliers.
You will work closely with stakeholders to identify vulnerabilities early in the development lifecycle, contribute to the capability build, and help shape the future of security testing across the department.
Key Responsibilities
* Conduct internal penetration testing across applications, infrastructure, and end user devices (EUDs).
* Perform scenario-based testing aligned with principles and DSA security non-functional requirements.
* Collaborate with development teams to integrate findings into JIRA workflows for rapid remediation.
* Support the testing pipeline, including planning, execution, and reporting of penetration tests.
* Maintain compliance with NCSC guidance and security standards.
Desirable Qualifications
* Certifications: OSCP, CREST CRT, CTL Web/Inf, , CEH.
* Experience with cloud security (AWS, Azure) and containerised environments.
* Knowledge of Home Office testing standards and ITHC processes.
Essential Skills & Experience
* Hands-on experience with penetration testing tools.
* Strong understanding of OWASP, NIST SP 800-53, ISO 27001, and CIS Benchmarks.
* Familiarity with Secure-by-Design principles and CI/CD pipeline integration.
* Experience testing EUDs under operational constraints (e.g. no destructive tools, CSOC coordination).
* Ability to interpret and apply security NFRs across diverse environments.
* Proficiency in JIRA, SharePoint, and vulnerability management platforms.
Attributes
* Strong stakeholder engagement and communication skills.
* Ability to work independently and as part of cross-functional teams.
* Commitment to continuous improvement and knowledge sharing.
Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment which can take a minimum 10 weeks. LA International is an award-winning partner of choice for many of the world's most influential companies and government organisations. Holding Enhanced Government Security Accreditation, we are recognised as the European market leader in the delivery of Security Cleared talent to organisations that demand the very highest levels of security, compliance and assurance.
An award-winning organisation, having secured the prestigious Queens Award for Enterprise: International Trade over multiple years. We are committed to fostering an inclusive, equitable and accessible workplace where everyone feels valued and supported. We welcome applications from all individuals, regardless of background or identity, and we encourage candidates who may not meet every listed requirement to still apply. If you require any adjustments or support during the recruitment process, please let us know and we will work with you to ensure a fair and accessible experience.
Please Note: If a high volume of applications is received, only candidates shortlisted will be contacted.
