Internal Penetration Tester

Internal Pen Tester Location: London (Hybrid - 2/3 days in office)
Contract Length: 6 months
Rate: £500-600 per day - Inside IR35

The Role

We are seeking an Internal Penetration Tester to join on a 6-month contract. You will carry out advanced penetration testing across applications, APIs, internal infrastructure, networks, and cloud environments. The role involves simulating real-world attacks, identifying vulnerabilities, and providing clear remediation guidance to improve overall security posture.

Key Responsibilities

.
Conduct full-scope penetration tests of applications, APIs, networks, cloud, and internal infrastructure.
.
Perform network testing, Active Directory enumeration/abuse, and privilege escalation.
.
Identify weaknesses in authentication, authorization, input validation, and cloud/AD configurations.
.
Simulate attacker techniques to test system resilience.
.
Produce clear reports for both technical and executive audiences, including remediation advice.
.
Collaborate with development, cloud, and infrastructure teams to close vulnerabilities.

Candidate Profile

Essential Skills & Experience

.
3-7+ years in penetration testing, red teaming, or offensive security.
.
Strong application security knowledge (OWASP Top 10, API security).
.
Hands-on experience in end-to-end pentests (internal, external, cloud, AD, web app, API).
.
Strong Scripting skills (Python, Shell, Bash).
.
Comfortable with Windows, Linux, Active Directory, Azure AD/Entra ID.
.
Cloud platforms: AWS, Azure, GCP.
.
Practical knowledge of tools such as Nmap, Nessus, Metasploit, Burp Suite, SQLmap, ScoutSuite, Pacu.

Desirable

.
Excellent client communication and reporting skills.
.
Security certifications (eg OSCP, OSEP, GPEN, eCPPT, AWS/Azure Security).
.
Strong analytical and problem-solving skills.