Penetration Tester (CHECK / CREST)

Role: Penetration Tester (CHECK / CREST)
Location: Fully Remote, UK (with client site visits as required)
Salary: £55,000 - £90,000 DOE + expenses + overnight bonus for site work
Type: Permanent, Full-Time

Summary:

We are looking for experienced Penetration Testers to join one of the UK's larger dedicated offensive security practices. With a team of around 70 testers split across CHECK and CREST work, this is a well-established consultancy delivering high-quality assessments across a broad client base, with genuine variety in engagement type, sector, and technical depth.

The team is structured across two streams, more commercially-driven engagements through CREST, and deeper, security-led work through CHECK, so there's a clear path whichever direction you want to lean. Multiple roles are available across mid and senior levels, and the company is flexible on starting clearance level (more below).

This role is fully remote with client site visits as required. No two weeks look the same.

Key Responsibilities:

• Deliver web application, API, and infrastructure penetration tests, taking ownership of engagements end-to-end from scoping through to final report delivery.
• Lead client-facing engagements, communicating high-risk findings as they are identified to support swift remediation.
• Produce clear, professional reports tailored to client-specific context and business risk.
• Support broader offensive security activities including red and purple team engagements, phishing simulations, and assumed-breach style assessments where relevant.
• Contribute to internal QA, mentor more junior consultants, and support report quality across the team.
• Stay up to date with the evolving threat landscape and contribute to internal R&D, tooling, and knowledge sharing.

Requirements:

• CHECK Team Member (CTM), CHECK Team Leader (CTL), CREST Registered Tester (CRT), or CREST Certified Tester (CCT) qualified, or actively progressing along either pathway at a senior level.
• Hands-on experience delivering web application, API, and/or infrastructure penetration tests in a professional consultancy setting.
• Strong understanding of common vulnerability classes (e.g. OWASP Top 10), exploitation techniques, and remediation guidance.
• Confident client-facing communication skills, with the ability to explain technical findings to both technical and non-technical audiences.
• Strong written reporting skills, with the ability to produce clear, well-structured deliverables.
• A genuine passion for offensive security, demonstrated through CTFs, labs (e.g. Hack The Box, TryHackMe), research, certifications, or community involvement.

Clearance:

Clearance requirements vary by role, some do not require any clearance, others are looking for SC or DV. The company will put successful candidates through the relevant clearance process where required, so existing clearance is welcomed but not essential across the board.

Benefits:

• Salary: £55,000 - £90,000, depending on experience, certifications and clearance level
• Fully remote working
• Overnight bonus for client site visits
• Travel and expenses covered for client work
• Clearance sponsorship (SC / DV) where required for the role
• Company pension scheme

Role: Penetration Tester (CHECK / CREST)
Location: Fully Remote, UK (with client site visits as required)
Salary: £55,000 - £90,000 DOE
Type: Permanent, Full-Time

Oscar Associates (UK) Limited is acting as an Employment Agency in relation to this vacancy.

To understand more about what we do with your data please review our privacy policy in the privacy section of the Oscar website.