Cyber Security Consultant

🔒 Confidential Employer
Posted 14 August 2025
Location: Remote
Type: Full-time
Level: Mid-Senior level
Category: Cyber Security
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

Penetration Testing, Web Application Security, Mobile Security, Cloud Security, DevSecOps, Firewall Architecture, Security Assessments

FULL DESCRIPTION

Summary

We are seeking a highly capable and technically confident Cyber Security Consultant to join our growing consultancy team. This role involves delivering deep-dive penetration testing and security assessments across a range of environments - including web applications, mobile platforms, corporate infrastructure, and cloud-native deployments.

Key Responsibilities/Duties:

  • Web applications and APIs Penetration Testing.
  • Mobile platforms (iOS, Android) Penetration Testing.
  • Internal and external infrastructure Penetration Testing.
  • Cloud environments (AWS, Azure, GCP) Penetration Testing.
  • Perform code-assisted reviews and DevSecOps assessments.
  • CI/CD pipelines, build processes, and deployment workflows.
  • Infrastructure-as-Code (IaC) and automation templates.
  • Conduct firewall and network architecture reviews to evaluate segmentation, rule sets, and exposure.
  • Identify and contextualise vulnerabilities across varied tech stacks and environments.
  • Produce clear, professional, and tailored technical reports with actionable mitigation strategies.
  • Act as a trusted advisor to clients over extended engagements, supporting secure implementation efforts.
  • Stay current with emerging threats, TTPs, and tooling relevant to offensive and defensive engagements.

Core Requirements/Qualifications/Skills:

  • Excellent interpersonal skills and a consultative approach.
  • Web applications and APIs Penetration Testing.
  • Mobile platforms (iOS, Android) Penetration Testing.
  • Internal and external infrastructure Penetration Testing.
  • Cloud environments (AWS, Azure, GCP) Penetration Testing.
  • Perform code-assisted reviews and DevSecOps assessments.
  • CI/CD pipelines, build processes, and deployment workflows.
  • Infrastructure-as-Code (IaC) and automation templates.
  • Conduct firewall and network architecture reviews to evaluate segmentation, rule sets, and exposure.
  • Identify and contextualise vulnerabilities across varied tech stacks and environments.
  • Produce clear, professional, and tailored technical reports with actionable mitigation strategies.
  • Act as a trusted advisor to clients over extended engagements, supporting secure implementation efforts.
  • Stay current with emerging threats, TTPs, and tooling relevant to offensive and defensive engagements.

About the role

We are seeking a highly capable and technically confident Cyber Security Consultant to join our growing consultancy team. This role involves delivering deep-dive penetration testing and security assessments across a range of environments - including web applications, mobile platforms, corporate infrastructure, and cloud-native deployments.

This is not a volume-based or box-ticking position. Our consultancy engagements are tailored and often long-term, with a strong focus on working closely with our clients to improve their security posture in a meaningful and sustainable way. You’ll be involved in reviewing SDLC processes, CI/CD pipelines, firewall and network architecture, and delivering actionable recommendations embedded in real-world context.

The ideal candidate has a background in hands-on testing combined with a strong understanding of secure development and infrastructure principles. This role is not suited to candidates who rely solely on automated tools or basic vulnerability scanning. Our clients expect - and we deliver - deep, contextual understanding of security issues, tailored technical insight, and meaningful engagement throughout the software and infrastructure lifecycle.

You will have:

  • Led project teams on consultative projects, with experience of delivering a range of solutions.
  • Experience in penetration testing, security consulting, or technical advisory roles.
  • Proficiency in application security testing methodologies (OWASP Top 10, API testing, session management, etc.)
  • Hands-on experience testing and analysing mobile applications (static/dynamic analysis).
  • Good working knowledge of cloud security architecture and common misconfigurations (IAM, storage, networking, secrets).
  • Familiarity with DevOps tooling and CI/CD pipelines (e.g. Jenkins, GitLab, Azure DevOps, GitHub Actions).
  • Understanding of SDLC best practices, secure development processes, and developer engagement.
  • Ability to perform firewall rule reviews, segmentation validation, and network-level security assessments.
  • Solid written and verbal communication skills, with the ability to produce high-quality client deliverables.
  • Competency in scripting or automation.

Skills:

  • Experience in container and Kubernetes security reviews.
  • Knowledge of secure coding principles and secure SDLC integration.
  • Familiarity with both manual and automated testing tools (e.g. Burp Suite Pro, MobSF, Terraform scanners).
  • One or more relevant certifications (e.g. OSCP, CRTO, CREST, GIAC certifications).

Benefits:

  • A competitive salary depending upon experience
  • 25 days annual leave, including your birthday off work
  • 4 paid days for charity or community work
  • Flexible hybrid working
  • 24/7 access to our Employee Assistance Plan (EAP)
  • Earn up to £2000 in our recruitment referral scheme
  • Challenging, technically rich engagements with a strong focus on quality over quantity.
  • A flexible working environment with opportunities for long-term career development.
  • Annual training and certification budget to support your growth.
  • Access to internal research, tooling, and a collaborative team of experienced security professionals.
  • An inclusive and supportive culture that values integrity, autonomy, and technical excellence.

Personal acumen:

  • Must be confident and have the ability to hit the ground running.
  • Consistently high standards of written and verbal communication and presentation skills (suitable for a board-level audience).
  • Demonstrate a passion for and pride in what they do.

Clearance:

  • The successful applicant should be eligible for or possess current SC status.

How to apply

If you are interested in applying for this role, please provide a short cover letter outlining your experience and why you would be a good fit for [Employer hidden] to [contact hidden]. Please quote reference JSCSC2025 in the subject line.

Or via LinkedIn – Cyber Security Consultant (Penetration Testing) | [Employer hidden] | LinkedIn

For more information on who we are and what we do, please visit www.[Employer hidden].com.

Whilst we do our utmost to reply to each candidate, we are sometimes inundated with applications, and this can lead to slight delays in replies. If you do not hear back from us within 20 working days, please consider yourself unsuccessful and we thank you for your time and effort in applying for this role.
