Senior Security Consultant - Organization Security - United Kingdom (Remote)

About CENSUS

CENSUS is an internationally acclaimed cybersecurity services provider. We support the needs of multiple industries, providing IT and OT security services to public and private organizations around the world, ranging from financial institutions and critical infrastructure to automotive and secure communications, including Fortune 500 companies. Powered by cutting edge research, scientific analysis and in depth engineering experience across various industries & technologies, CENSUS delivers unparalleled security consulting & assessment services for products (software, services, devices, and large scale platforms), infrastructure, and organizations.

About the Job / Key Responsibilities

CENSUS' bespoke cybersecurity services are built upon a talented pool of Security Engineers, whose role extends beyond mere adherence to industry best practices. Under the management and mentorship of our Senior and Principal technical managers, our Security Engineers are entrusted with assessing the completeness and maturity of an extensive range of cybersecurity products and features. Along with capturing defects and inefficiencies, in depth mitigation strategies are explored, presented, and re evaluated post their integration, in a highly agile and adaptive service delivery model.

We are looking for talented & ambitious professionals to grow our Security Engineering team and join our ongoing mission to deliver in depth and top tier cybersecurity services to our valued clients. As part of this role, you will use your knowledge and experience - in the Penetration Testing and Application Security domains - to execute security assessments and mitigation consulting activities scoped across organizations and products of various industries. As part of your daily tasks, you will:

• Conduct penetration tests (network, social, physical, adjacent, and more) that target Organizations, Networks, Application and Cloud infrastructure and evaluate their security defenses in depth.
• Assess the security posture of applications (mobile, web / cloud, core networks, etc.) via functional testing, fuzz testing and other applicable methodologies.
• Review the security maturity of edge systems (IoT, kiosk terminals, operator terminals, etc.) that are interconnected via public or private networks.
• Conduct targeted research for the purposes of understanding a vendor specific technology, identify its security critical components, and prioritize impactful attack vectors.
• Document and present security risks & mitigation recommendations in both technical and business oriented language.

Minimum Qualifications

• BSc or MSc in Electrical Engineering, Computer Science, Computer Engineering, or equivalent practical experience.
• 4+ years of experience in VAPT, IT security or application security (mobile, web front end, backend, etc.) related roles. Experience can be an assessment / consultancy role, an equivalent role in other engineering organizations, or a combination of them.
• Proven experience in vulnerability assessment, penetration testing or security testing at the network, application, or system level.
• Active Directory and Cloud Infrastructure Knowledge.

Key Skills

• Experience with Information Security fundamentals (risk management, security best practices, data protection, communication encryption, authentication, authorization, etc.) and cyber threats of modern systems & networks.
• Experience with the technologies and security controls present in application (web full stack, WAF, EDR, data encryption, transport protection, etc.), network (firewalls, segmentation, IDS/IPS, VPN, etc.) and Windows / Linux system (privileges, roles/groups, AV/Endpoints, secret storage, etc.) architectures.
• Experience in identifying, exploiting, and reporting vulnerabilities in the context of Red Team / VAPT tasks (OWASP Web / Mobile Top10 vulnerabilities, access control, insecure configurations, secrets management, etc.).
• Experience in Active Directory Attacks (Pass the Hash, Pass the Ticket, Kerberoasting, Golden Ticket, Silver Ticket, DCSync, Credential dumping, Abuse of ACLs, Lateral movement via SMB, etc.).
• Experience in using pentest and other security related tools for information gathering, vulnerability discovery, exploitation, evasion, persistence, and pivoting in Cloud environments.
• Experience with authentication, authorization, role based ACL, identity, and access management methods, such as OAuth, MFA, SSO, JWT, PKI, Cloud IAM, etc.
• Experience with basic cryptographic primitives, such as symmetric & asymmetric encryption, authenticated encryption, key derivation, and key exchange.
• Ability to monitor the current threat landscape, emerging threads and follow their technical analysis and published exploitation techniques.
• Problem solving skills, analytical thinking, and willingness to learn/grow.
• Proficient in English and excellent communication skills.

OUR Values & Core Competencies

Act with Integrity We uphold the highest ethical standards and take full responsibility in every action - whether securing systems, researching vulnerabilities, or collaborating with clients. Trust is the foundation of our impact.

Collaborate with Trust We bring together diverse perspectives across disciplines and borders, knowing that collective intelligence leads to stronger, more resilient outcomes.

Challenge with Curiosity We question deeply, explore fearlessly, and pursue knowledge relentlessly to uncover threats, solve root problems, and drive smarter security decisions.

Innovate to Protect We create with purpose - building secure, scalable, and forward looking solutions that safeguard people, organizations, and the digital future.

Adapt with Precision We move with speed and discipline - learning from failure, refining our approach, and staying focused amid complexity and constant change.

Ready to Make an Impact?

Apply today!