Lead Penetration Tester - Web Specialist

  • Location:

    City of London

  • Sector:

    Cyber Security

  • Contact:

    Octavian Donnelly

  • Published:

    24 days ago

Rutherford has an amazing opportunity for any Penetration Tester looking to join a dynamic challenger advisory firm's management team. This Principal Penetration Tester role comes with a generous package of up to £100,000 per annum + benefits. This is a great opportunity for any web specialist with an entrepreneurial mindset, who is ready to take on a new challenge: to develop a new offensive security product.

Our client

Our client is a challenger cyber security firm with a global footprint that offers managed security and consultancy services to its customers. For more than 15 years, the firm has been building long-standing relationships with their clients, continuously defending their people, property and data against cyber security threats.

With a close-knit team of 70 people, our client is about to grow tremendously, thanks to solid funding, ambitious goals and an impressive track record. They are now looking to build out the Professional Services department, for which they will need talented individuals who think ahead of the curve, have an entrepreneurial spirit and are not afraid to speak their mind.

Please note that we can only consider UK-based candidates for this role.

The Role

Our client is now looking for a Lead Penetration Tester - Web Specialist. This is a senior role in the penetration testing team that will provide:

  • Experienced penetration testing capability to customers;

  • Guidance and training to more junior members of the team to help them advance their skills;

  • Ownership of the web testing capability and expanding this capability to stretch upstream in code review and Secure Development Life Cycle.

This is an exciting role that will allow you to grow your own skills, experience and ability. You will be required to bring innovation and drive to develop the capabilities in line with customer demands and where our client sees the marketplace progressing.


  • Delivery of pen testing across all fields of testing (e.g. web, network, mobile...)

  • Experience of vulnerability scanning tools (Qualys, Nessus), and knowledge of pen testing platforms (e.g. Backtrack/Kali, Nmap and Burp Suite).

  • Expert insight of OWASP Top 10, and web application penetration testing.

  • A consultative and professional approach to help build out client relationships.

  • Excellent report writing skills.

  • Able to communicate clearly, and comfortable translating technical details into the wider business context for senior stakeholders.

  • Working as part of a team, but capable of being self sufficient on small engagements.

  • Clear understanding of ethics, and rules of engagement/scope.

  • Flexibility in approach that will allow deployment onto wider cyber security projects as customer demands require.

  • Leadership, ownership and growth of the firm's web and mobile focused testing capabilities.

  • Develop and grow the firm's review and SDLC capability.

Work Context

  • Strong team work ethic to help develop other team members and the firm's wider capabilities

  • Client relationship building (face-to-face, by telephone or otherwise, including visits to customer sites)

  • Requires attention to detail and a high level of accuracy

  • Strong ethics, clear understanding of penetration-testing rules-of-engagement, scope limits, etc.

Your Profile

  • Proactive, "can do" attitude

  • Must be able to take on responsibility and leadership for web app capability

  • Must be self-sufficient, but also able to work in a team

  • Natural coaching and teaching style

  • Problem solving skills

  • Excellent communications skills, extending to clear report writing skills

  • Ethical

  • Professional

Key qualifications and skills


  • 5+ years Penetration Testing Experience

  • Knowledge of Kali Linux (Penetration Testing Platform) - formerly BackTrack

  • Knowledge of essential tools (Nmap, Metasploit, Sqlmap, Hydra, Burp Suite, Qualys/Nessus or similar vulnerability scanning engine)

  • Report writing skills

  • Knowledge of OWASP Top 10/Testing guideline

  • Coding/Programming background (e.g. PHP, Python, Ruby, Java)

  • Understanding of DevOps working practices

  • Either CREST CCT WebApp OR Tigerscheme Senior (CLT equivalent) SST Web App

* Please note that we can also accept candidates who have achieved CREST CRT and have the time qualification or skillset for CCT-A, or Tigerscheme QSTM and are ready to pass SST-A.


  • Industry experience that will help the firm attract wider clients

  • Experience of running or leading red team engagements

About Rutherford

Rutherford is a boutique search firm located in London. Our consultants are the executive specialists in compliance recruitment, and also in financial crime, legal and cyber security, all within the financial and professional services sectors in the United Kingdom and New York. We use our carefully curated relationships, networks and market knowledge to find the best fit for the clients in hand. We work with a wide range of clients, spanning from advisors, management consultants, corporate and commercial banks, brokers, exchanges, MTFs and financial tech, through to global investment managers, hedge funds, private equity firms, investment banks and technology firms. We began as a compliance recruitment firm in London and expanded to offer new resourcing expertise across legal and cyber recruitment. We have been a leading legal and compliance search agency in London for a decade and are excited about bringing our expanded offering into the technology area.

Remote working

We are currently looking for regionally-located Cyber Security professionals (Cyber Risk, IDAM, GDPR, Digital Trust, Solutions Architects, Pentesters) from across the United Kingdom who would be interested in working for London firms on an interim WFH basis: Kent, East Sussex, Essex, Cambridgeshire, Suffolk, Bedfordshire, Buckinghamshire, Hertfordshire, Oxfordshire, Berkshire, Wiltshire, Surrey or Hampshire.

We are also interested in hearing from candidates in Manchester, Birmingham, Oxford, Winchester and Salisbury.