Overview
At ProtekCyber, our Penetration Testers don’t just find vulnerabilities — they help eliminate them before they become breaches. You’ll be on the offensive front, simulating real-world attacks on client networks, applications, and cloud environments to expose weaknesses and harden defences. Whether assessing enterprise systems or SMEs preparing for compliance audits, your work ensures clients can face threats with clarity, control, and confidence. This is a hands-on technical role with an emphasis on manual testing, report writing, and direct collaboration with engineering and DevSecOps teams. You’ll also help embed secure practices earlier in the software development lifecycle.
Join the Frontline of Cyber Defense
Help businesses bounce back stronger by delivering fast, decisive, and intelligent incident response.
Client Interaction & Communication
- Act as a technical lead during high-pressure client engagements, providing clear updates, calm direction, and confidence throughout.
- Translate technical threat data into plain-English insights and recommendations.
- Provide structured situation reports and final incident reports tailored to stakeholder needs.
Innovation & Improvement
- Contribute to the development of in-house tooling, detection logic (YARA, Sigma, Snort), and response playbooks.
- Share insights with the wider team to inform detection tuning and threat intelligence development.
- Continuously refine our incident response methodology to reflect evolving threats and client needs.
Knowledge Sharing & Collaboration
- Actively mentor junior team members through shadowing, feedback, and knowledge transfer during live engagements.
- Deliver internal training sessions and workshops to uplift team capabilities in digital forensics, threat hunting, and incident containment.
- Contribute to cross-functional retrospectives post-incident to capture lessons learned and drive process improvements.
What You’ll Be Doing
- Conduct manual and automated penetration testing across web apps, APIs, mobile apps, internal/external infrastructure, and cloud environments (Azure, AWS, etc.).
- Simulate real-world threat scenarios (black, grey, and white-box engagements) using industry-standard tools and methodologies.
- Identify and exploit misconfigurations, logic flaws, insecure protocols, and other critical issues.
- Work with developers and engineers to explain root causes, share secure coding practices, and advise on remediation steps.
- Produce clear, actionable reports tailored to technical and non-technical stakeholders.
- Support clients preparing for certifications like Cyber Essentials Plus, ISO 27001, and CREST assessments.
- Stay up to date on emerging TTPs, tools, and techniques used by threat actors — and reflect those in engagements.
Bonus Skills
- Experience with code review (Python, Java, or JavaScript).
- Reverse engineering or binary exploitation experience.
- Certifications such as OSCP, CRT, CREST, OSCE, GWAPT, or GXPN.
What We’re Looking For
- 3–5+ years’ experience conducting hands-on penetration testing (apps, infrastructure, or cloud).
- Solid knowledge of OWASP Top 10, MITRE ATT&CK, and common offensive security techniques.
- Strong experience with tools like Burp Suite, Nmap, Metasploit, and manual testing methodologies.
- Familiarity with at least one cloud platform (Azure, AWS, or GCP).
- Ability to clearly document vulnerabilities, risk impact, and remediation recommendations.
- Understanding of secure development practices and SDLC integration.
Why ProtekCyber?
- Tackle meaningful security challenges across real business environments.
- Receive a dedicated training and certification budget to pursue CREST, OSCP, SANS, and more.
- Be part of a modern, forward-thinking consultancy where red teaming is not just tolerated — it’s prioritised.
- Hybrid working, private medical, team retreats, performance bonuses, and more.