JUNIOR PCI PENETRATION TESTERS - LONDON (REMOTE)
35,000 - 45,000
Fully Remote (UK-based)
Cybersecurity Scale-Up

A rapidly growing cybersecurity company is seeking Junior PCI Penetration Testers to join their expanding offensive security team.

The Role:
- Conduct PCI-DSS v4.0 compliance testing including manual penetration testing, quarterly vulnerability scanning, and network segmentation assessments
- Manage client engagements from scoping through to delivery
- Perform security assessments using industry-standard tools (Nessus, nmap, Burp Suite, Metasploit)
- Report findings to technical and non-technical stakeholders
- Support clients in maintaining PCI-DSS compliance

Essential Requirements:
- UK Bachelor's degree in Computer Science, Cybersecurity or related subject
- 1+ years commercial penetration testing experience
- Strong understanding of operating systems, networking fundamentals, and security concepts
- Exposure to or interest in PCI-DSS compliance testing
- Programming/scripting experience
- Genuine passion for security (CTFs, bug bounty, TryHackMe, personal projects)

Desirable:
- Progress towards OSCP, CPENT, CEH, or CompTIA Security+
- Experience with vulnerability scanning tools
- Understanding of PCI-DSS framework

Company Culture:
- Graduate-focused team valuing technical depth and continuous learning
- Strong computer science fundamentals required
- Looking for mouldable candidates who demonstrate passion for technology beyond work hours

Location: Fully remote within UK, optional hybrid working from London office
Jan 09, 2026
Full time
Who you'll be joining

We're problem solvers at heart. Sometimes the answer is technology, sometimes it is strategy, and sometimes it is a strong cup of tea and a bit of thoughtful conversation. Whatever it takes, we work it out with our clients.

We're an IT consultancy that helps organisations get the best out of their technology. That means keeping them secure and keeping the bad guys out, making sure everything works and is easy to use, and doing smart things with data and software to give their business an edge. It is important work, and we care about doing it well and for the right reasons.

Life at Waterstons is friendly, flexible and built on trust. We hire people who are curious, thoughtful and good at getting to the heart of a problem. You get support, trust and room to grow in a place that still feels human. The unlimited holidays and private healthcare are a nice touch, although most people stay because it feels like the right place to do good work with good people.

What You'll Be Doing

A technical security expert with the ability to conduct penetration tests and the appetite to deliver a wide spectrum of interesting security related work seeking a new challenge to join our growing Cyber team to help shape the company's security and compliance services nationwide for a leading IT and business consultancy, supporting national and international clients.

Your Day-to-Day
- Leading and delivering web application penetration testing, with an expectation to participate in infrastructure penetration testing, vulnerability assessments, and security audits across various business functions as needed
- Lead technical scoping activities and understand a client's requirements to ensure they get the most out of their engagement with Waterstons
- Write clear, concise, and professional reports that are understandable to both technical and non-technical stakeholders
- Being available to travel to client sites when required
- Improving areas of work, such as methodologies, tools and processes used by the team
- Helping upskill junior members and the wider cyber team
- Maintain up-to-date knowledge of emerging security threats and trends
- Ability to manage multiple client engagements concurrently
- Act as a trusted partner to all of our clients

What we're looking for

If some (or most) of the following sound like you, we'd love to hear from you:
- Proven experience in performing penetration tests across a broad range of systems, more specifically web applications and APIs
- Wider technical knowledge of network and cloud infrastructure security
- Understanding of security vulnerabilities and risk mitigation techniques
- Extensive tooling experience such as Metasploit, Nmap, BloodHound, Eyewitness, Burp Suite, NIKTO, OWASP Zap etc.

Nice to have
- Qualifications such as: CRT, CHECK Team Member (CTM) or CSTL, OSCP, CSTL
- Be a Cyber Essentials Plus Auditor
- Experience with scripting languages such as Python, Bash, or PowerShell
- Experience with Mobile Application Penetration Testing

How We Take Care of You

As well as offering a competitive salary, we have an attractive benefits package including:
- A healthy work life balance with flexible and agile working being the norm
- Unlimited holiday allowance
- EV car scheme (salary sacrifice)
- Room to grow with supported development opportunities and sponsored training
- Enhanced family policies
- If you ever need it, company sick pay and life assurance
- Supported wellbeing with regular initiatives, an employee assistance programme and private medical insurance
- Flexible benefits such as a dental scheme, eye care support, season ticket loan and cycle to work

We require a security check to be carried out on all colleagues due to the nature of some of our clients' industries.

Waterstons is committed to creating an inclusive, understanding, and flexible place to work. We value diversity, equality and inclusion and encourage everyone to 'bring their whole selves' to work. We believe that a company that works to truly embrace and value diversity, create an environment where everyone from any background can do their best work, and feel valued and appreciated is a better company to work for.

Privacy Statement

Waterstons are gathering the data in this application for the purpose of recruitment and to ensure we can contact you regarding this application. For information about what we do with your personal data see our Privacy Notice.
Jan 01, 2026
Full time
AI-Augmented Pentesting: Human Expertise Where It Matters Most.

At OnSecurity, we're redefining cybersecurity through AI-augmented penetration testing - the perfect blend of AI efficiency and human ingenuity. We deliver comprehensive, CREST-approved testing that saves time and money without compromising quality. Our all-in-one platform combines AI-driven automation with expert human insight to provide faster, more accurate results. The outcome? Streamlined testing, actionable intelligence, and security at scale. We're revolutionising how organisations protect their digital assets, helping businesses stay secure, resilient, and one step ahead of threats.

Working Hours and Location

We are based in the UK with employees working remotely. Some roles may have hybrid preference depending on the team. You can ask us about the best working hours and work setup in the recruitment process if there's something that's important to you. We try to be as flexible as possible. All we ask is that everyone is online between our core hours of 10:00-16:00 (UK time) so that everyone overlaps for the majority of the day. It's up to you and your manager to find the right schedule that works for you and your team.

Role Purpose

As a Penetration Tester, you'll play a central role in delivering high-quality, manual security testing to OnSecurity clients across a variety of sectors. You'll take ownership of full test cycles; scoping, delivery, reporting, and client communication while helping to mentor junior testers and enhance OnSecurity's technical capabilities. This role blends autonomy, technical depth, and real impact.

Role Importance, Responsibilities and Impact

What you will be doing:
- Delivering web, API, mobile, and infrastructure penetration tests remotely.
- Identifying, analysing, and exploiting vulnerabilities beyond automated tools.
- Producing detailed, high-quality reports for developers and security teams.
- Collaborating with internal testers to refine methodologies and tooling.
- Contributing to TestNet and methodology development.
- Mentoring Junior testers.

What you won't be doing:
- Following rigid scripts, you'll be encouraged to think critically and creatively.
- Getting lost in bureaucracy, we empower our testers to deliver results via our intuitive portal

Timeline for Role Expectations
- Within 1 month: Become familiar with our testing platform and delivery process.
- Within 3 months: Lead your own engagements end-to-end and produce client-ready reports.
- Within 6 months: Contribute to internal tooling, mentor junior testers, and help shape new methodologies.

About You

This role is a great fit if you .
- Minimum 2 years' experience delivering penetration tests in one or more disciplines.
- Strong knowledge of OWASP Top 10 and common vulnerability classes.
- Excellent written and verbal communication skills.
- Enthusiastic team player who values collaboration and quality delivery.

Compensation

What you will get for your hard work .
- A competitive compensation package. The salary range for this role is roughly £35k - £60k annually, depending on experience.
- Work at one of the fastest-growing Cyber Security Scale-Ups revolutionising pentesting.
- A clear progression plan. We want you to keep growing. That means trying new things, leading others, challenging the status quo and owning your impact, always with our complete support.
- Flexibility: We promote life-work balance at OnSecurity. We encourage everyone on our team to enjoy their life and ensure they have the balance they need to reach their full potential.
- Work where you work best. We're a distributed team. If you live in Bristol, we have a hybrid approach, if this is something that fits for your team. Otherwise, we are remote, and so we build our ways of working around this.

Other benefits:
- 30 days of paid annual leave, plus bank holidays
- Company Pension Scheme
- Private Health Insurance with Vitality
- Employee Assistance Program (EAP)
- Group Life Assurance (x4 salary)
- Enhanced Maternity, Paternity, and Adoption Leave
- Paid study leave for employees to level up their skills
- Mentorship and Coaching
- Annual Performance reviews and recognition for high performance
- Regular socials and activities, online and in-person.
Jan 01, 2026
Full time