Penetration Tester

6 months ago


Remote, United Kingdom Jisc Full time

**More details**:
Penetration Tester and Security Specialist

**Salary**: From £42,321 per annum, negotiable depending on experience

Contract: Permanent

Location: Remote

Jisc is the UK higher, further education and skills sectors’ not-for-profit organisation for digital services and solutions. We believe education and research improves lives, and technology improves education and research.

Our vision is for the UK to be a world leader in technology for education and research and our mission is to power and empower our members with the technology and data they need to succeed. We know that digital technology has the ability to transform the student experience. We have the experience, expertise and know-how to drive that transformation.

About the role:
The Security division at Jisc provides a high-quality facility to protect the JANET network from intrusion, denial of service and all other service-impacting potential threats and attacks. We make sure that our digital IT capabilities and expertise are applied cost-effectively and imaginatively to provide respected services.

We are looking for someone who will enjoy working in a dynamic, responsive, and collaborative environment and be dedicated to the success of our organisation. This is a great opportunity to join an exciting and diverse team, where you will play an active and hands-on role in delivering technical engagements in Penetration Testing and Cyber Essentials. Engagements will be a combination of external and internal, supporting our customer base and collaborating internally to ensure all Jisc’s other products and services are continually robust.

Other responsibilities will include:

- Identify and exploit security weaknesses and vulnerabilities in a controlled and ethical manner.
- Conduct in-depth analysis of security test results and provide detailed reports on findings, risks, and recommended remediation steps.
- Collaborate with the cybersecurity team to develop and implement effective security strategies and countermeasures.
- Assist in the development and improvement of security testing methodologies, tools, and frameworks.
- Communicate with clients or stakeholders to understand their security requirements and address their concerns.
- Scope security tests directly with internal partners and provide clarity on reporting parameters.

Key Skills and Experience:

- Demonstrable experience of operating a range of industry standard tools for testing.
- Relevant certifications, such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP), or equivalent.
- Good understanding of networking protocols, operating systems, and web technologies.
- Familiarity with security standards and frameworks (e.g., OWASP, NIST, ISO 27001).
- Ability to deliver concise and effective briefings to diverse audiences, encompassing both technical and managerial backgrounds.
- Understanding of ISO9001, ISO27001, CREST, Cyber Essentials or similar environments.
- Clear understanding of the law as it relates to computer and cloud security.

Please refer to the job description for full details.

Don’t meet every single requirement?

Why work at Jisc:
At Jisc we believe a balance between your personal and professional life is essential to your happiness and fulfilment. We work flexibly at Jisc and focus on outputs rather than presenteeism and are open to a whole range of ways of working. It isn’t about how many hours you spend at home or at work; it’s about the flow you establish that brings energy to both parts of your life.

At Jisc, everyone plays a key role and gets the chance to feel part of it, that to us is the definition of a meaningful career. We want to create a culture of lifelong learning. You can look forward to a rewarding job with opportunities to develop and make a real difference to the education and research sectors.

We celebrate diversity, embrace our differences and know that this is critical for our success. We work hard to make sure we’re inclusive and we are committed to furthering our culture of inclusion. So, if you are great at what you do and share our values, we want to hear from you.

Our benefits are great too. We offer:

- Flexible work pattern, which can adapt to suit your schedules and personal commitments
- 28 days annual leave (plus bank holidays) and an additional three closure days over Christmas
- A generous pension scheme with above average employer contributions
- A range of leave options, including parental leave, volunteer leave and even career breaks.
- A generous budget to attend conferences and in-person training
- Allocated allowance of up to £250 to equip your home office
- A company culture which supports and promotes personal learning and development, including access to thousands of courses on LinkedIn Learning
- Mental health first aid trained staff and supportive environment, plus your own Wellbeing allowan


