CREST Accredited Penetration Tester

Cyber and Fraud Centre - Scotland
Edinburgh, United Kingdom
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 55K

Job location

Edinburgh, United Kingdom

Tech stack

Amazon Web Services (AWS)
Software System Penetration Testing
Application Testing
Azure
Burp Suite
Cloud Computing
Cloud Computing Security
Information Systems Security Architecture Professional
NMap
Open Web Application Security
Service Development Studio
Google Cloud Platform
Mitre Att&ck
Metasploit
Cybercrime
Nessus

Job description

As a Penetration Tester at the Cyber and Fraud Centre, you will deliver high-quality, ethical penetration testing engagements aligned with CREST standards. You will work across a diverse range of organisations, helping them understand their exposure to cyber threats and supporting practical, proportionate improvements.

This is a hands-on technical role with scope to influence service development, mentor others, and contribute to Scotland's wider cyber resilience ecosystem.

  • Deliver CREST-aligned penetration testing engagements, including:
    • Infrastructure and network testing
    • Web and application testing
    • Cloud and hybrid environments
  • Plan, scope and execute tests in line with agreed methodologies and best practice
  • Produce clear, high-quality technical and executive-level reports
  • Communicate findings and risk in a clear, constructive manner to a range of stakeholders
  • Support remediation discussions and re-testing where required
  • Maintain accurate records and testing artefacts in line with governance and assurance requirements
  • Contribute to continuous improvement of tools, methodologies and internal knowledge sharing

Requirements

  • CREST accreditation
  • Proven experience delivering penetration testing in professional or client-facing environments
  • Strong understanding of common vulnerabilities and attack techniques (e.g. OWASP Top 10, MITRE ATT&CK)
  • Experience with industry-standard tools (e.g. Burp Suite, Nmap, Metasploit, Nessus or equivalents)
  • Ability to write clear, high-quality technical reports
  • Strong ethical mindset and commitment to responsible disclosure

Desirable

  • Experience in cloud security testing (AWS, Azure, GCP)
  • Knowledge of secure architecture or defensive controls
  • Experience mentoring junior testers
  • Additional certifications (e.g. OSCP, CHECK, CISSP, cloud security certs)

Benefits & conditions

What We Offer

  • Meaningful work with real-world impact across Scotland's cyber ecosystem
  • Flexible and hybrid working arrangements
  • Support for continued professional development and certification
  • A collaborative, mission-driven culture
  • Competitive salary and benefits package (commensurate with experience)

About the company

The Cyber and Fraud Centre Scotland supports organisations across Scotland to strengthen their resilience against cybercrime and fraud. We are Scotland's only cyber social enterprise working at the intersection of cyber security, threat intelligence and harm prevention. We partner with businesses, public sector bodies and law enforcement to reduce risk and improve security maturity nationwide.
