A specialist UK cybersecurity consultancy with a growing cloud security practice is hiring a Penetration Tester with cloud infrastructure expertise. You will conduct technical security assessments across Azure and AWS environments for clients spanning financial services, retail and critical national infrastructure, delivering findings that result in genuine security improvement. Role & Responsibilities: • Conduct cloud infrastructure penetration tests against Azure and AWS environments: IAM privilege escalation, storage misconfigurations, lateral movement and data exfiltration scenarios • Perform web application penetration testing (OWASP Top 10) for cloud-hosted applications and APIs • Conduct network penetration testing for hybrid cloud and on-premises environments • Execute red team exercises simulating advanced persistent threat actors targeting cloud workloads • Write high-quality penetration test reports: executive summaries, technical findings, CVSS scoring and remediation guidance • Conduct assumed breach assessments and cloud configuration reviews using tools such as ScoutSuite, Prowler, BloodHound and Pacu • Stay current with cloud attack techniques, CVEs and threat actor TTPs relevant to Azure and AWS • Contribute to the consultancy's methodology development and internal knowledge base Required Skills & Experience: • 4+ years of penetration testing experience with a focus on cloud infrastructure • Hands-on Azure and AWS attack experience: IAM enumeration, storage access, compute pivoting, managed identity abuse • Strong web application testing skills aligned to OWASP Top 10 and SANS Top 25 • Proficiency with penetration testing tools: Burp Suite, Metasploit, BloodHound, Pacu, ScoutSuite • Scripting skills in Python or Bash for tool development and automation • OSCP (Offensive Security Certified Professional) — required • PNPT, CRTO, AWS Security Specialty or Azure AZ-500 is a strong advantage • CHECK Team Member status is advantageous for UK public sector engagements What We Offer: • Fully remote role based in the UK with occasional client onsite assessments • Salary £60,000–£80,000 based on experience and certifications • Variety of client engagements across industries and assessment types • Dedicated research time, bug bounty participation support and conference attendance budget For a penetration tester who wants to specialise in cloud attack paths — where the most interesting vulnerabilities now live.
Remote · UK | £60,000–£80,000