Penetration Tester

A rapidly growing leader in proactive cybersecurity services is expanding its consulting team and seeking a Security Consultant with a strong background in mobile application penetration testing. This role is ideal for a hands-on penetration tester who enjoys uncovering complex vulnerabilities and delivering meaningful security improvements for enterprise clients. You will work alongside experienced security professionals, leveraging advanced tooling, automation, and research-driven methodologies to perform deep technical testing across mobile applications and APIs. The focus of this role is on producing high-quality, actionable findings that help organizations strengthen their security posture. Key Responsibilities Perform penetration testing engagements on mobile applications (iOS and Android) and associated APIs Identify weaknesses related to data storage, network communications, authentication, and cryptography Analyze mobile application behaviour, sandboxing, and OS-level security controls Produce clear, well-structured penetration testing reports aligned with client-specific standards and workflows Collaborate with internal teams and clients to explain findings and recommend remediation strategies Research and develop new tools, techniques, and testing methodologies to improve assessment quality Support consulting operations through documentation, reporting, and engagement-related administrative tasks Required Qualifications 2–3+ years of experience conducting application or mobile penetration testing Hands-on experience with offensive security tools such as: Kali Linux, Burp Suite, Metasploit, Nessus Mobile-focused tools including Frida, Drozer, Objection, and Ghidra Solid understanding of mobile data security, encryption, and secure communications Strong working knowledge of Android and iOS operating systems Familiarity with common offensive and defensive security concepts and network protocols Deep understanding of the OWASP Top 10 and relevant security frameworks Working knowledge of Windows, Linux, and macOS internals Ability to work independently while collaborating effectively within a team Strong written and verbal communication skills Willingness to travel up to 5–10% Ability to support an 8-hour workday, with occasional evenings or weekends as required by project timelines Preferred Experience Mentoring or coaching junior team members Sharing security knowledge through blogs, webinars, or conference presentations Experience with scripting or programming languages such as Python, Ruby, Perl, Java, C/C++, or C# Industry-recognized offensive security certifications (e.g., OSCP, GPEN, GXPN, GWAPT, CISSP) Experience with ARM reverse engineering Development of Frida scripts or tools to bypass protections or exploit mobile application vulnerabilities This is a fully remote positon within the UK If interested please do apply