Senior Penetration Tester
Role details
Job location
Tech stack
Job description
The Senior Penetration Tester plays a critical role in safeguarding Intact's assets by leading the scoping, planning, and execution of complex penetration tests across a diverse range of technologies, environments, and business functions, including network, application and cloud.
This position requires a deep technical understanding of offensive security methodologies, strong communication skills, and the ability to translate business requirements into actionable testing strategies.
As part of the role, the Senior Penetration Tester will actively contribute to purple team / threat simulation testing, working in close collaboration with defensive security teams to enhance detection and response capabilities. This involves simulating advanced attack scenarios, validating security controls, and leveraging frameworks such as MITRE ATT&CK to ensure comprehensive coverage of adversarial TTPs (Tactics, Techniques and Procedures). The successful candidate will play a key role in translating offensive insights into actionable defensive improvements, fostering a culture of continuous learning and resilience against evolving threats.
You'll make an impact by:
- Lead the scoping, planning, and delivery of complex penetration tests across networks, applications, cloud environments, and emerging technologies.
- Conduct advanced offensive security assessments to identify and exploit vulnerabilities, providing clear and actionable remediation guidance.
- Collaborate with defensive teams to help design and execute purple team exercises, improving detection and response capabilities.
- Produce high-quality reports and communicate findings effectively to technical and non-technical stakeholders.
- Assist the Cyber Defence team with vulnerability validation, and technical support during incident response.
- Mentor junior team members, sharing knowledge and best practices to develop overall team capability.
- Peer-review methodologies and reports to ensure repeatability and quality.
- Stay current with evolving threats, tools, and techniques, contributing to continuous improvement of testing methodologies and security posture.
- Maintain and champion the security testing elements of the SDLC
Requirements
- Experience of leading network, web, cloud, internal and red / purple team penetration tests
- Excellent knowledge of penetration testing approaches, tools and techniques
- Excellent knowledge of MITRE ATT&CK framework and TTPs
- Strong capability in identifying, validating, and clearly articulating vulnerabilities
- Experience writing high-quality reports with clear risk statements and remediation guidance
- Ability to perform threat modelling and attack surface analysis.
- Excellent knowledge and understanding of Open Web Application Security Project (OWASP)
- Demonstrable experience with automated, dynamic and static application security testing tools
- Experience in managing third party suppliers
- Relevant technical security qualifications or experience, for example OSCP, SANS, CREST, CRTO, or equivalent level
Benefits & conditions
Being part of our team means you'll have the support and freedom to bring your best self to work each day. As a permanent member, here's what you can look forward to
- Annual discretionary bonus
- Up to 11% pension contributions
- Hybrid working + flexible hours
- 25 days annual leave + bank holidays + buy/sell options
- Health & wellbeing + virtual GP
- Career development and mentoring
- Inclusive culture + employee networks
- Share investment options
