We’re a growing MSP based in Melton Mowbray, helping organisations of all sizes strengthen their security posture and achieve recognised certifications. We’re looking for a skilled Cyber Security Consultant specialising in Penetration Testing to deliver high-quality security testing and assurance across a diverse client base. You’ll lead and support security assessments including network, web application, mobile, cloud, wireless, and internal infrastructure testing, alongside Cyber Essentials and Cyber Essentials Plus (CE/CE+) assessments.
This role suits someone who enjoys hands-on technical work, clear reporting, and helping clients improve their security posture in practical, measurable ways. This is primarily an office-based role that will require occasional travel to client sites.
Key Responsibilities
Penetration Testing and Security Assessments:
Deliver CREST-aligned penetration tests across external and internal networks, web applications and APIs, mobile applications (iOS/Android), and Cloud environments (Azure, AWS, GCP).
Wireless networks and remote working setups.
Security configuration and segmentation reviews.
Perform vulnerability assessments and risk-based testing using industry best practices.
Validate findings, reproduce issues, and advise on realistic remediation.
Support red team / adversarial simulation exercises where appropriate.
Cyber Essentials and Cyber Essentials Plus:
Conduct Cyber Essentials readiness reviews, gap assessments, and remediation guidance.
Lead Cyber Essentials Plus technical audits, including sampling, evidence review, and on-site/remote verification.
Help clients interpret requirements and maintain compliance across re-certification cycles.
Ensure assessments are completed to scheme standards and timelines.
Reporting and Client Engagement:
Produce clear, high-quality technical reports with actionable remediation advice.
Present findings to technical and non-technical stakeholders.
Provide pragmatic risk prioritisation and security improvement roadmaps.
Contribute to scoping calls, statements of work, and test planning.
Continuous Improvement:
Maintain current knowledge of security threats, tooling, and testing methodologies.
Contribute to internal playbooks, checklists, and training materials.
Support junior consultants through mentoring and peer review.
Essential Skills and Experience:
Proven experience delivering penetration tests in commercial or consultancy settings.
Strong understanding of OWASP Top 10 / ASVS, common exploitation techniques and mitigations, network protocols, Active Directory, and Windows/Linux environments, and cloud security fundamentals.
Hands-on ability with common tools such as Burp Suite, Nmap, Metasploit, Nessus/Qualys, Wireshark, BloodHound, etc.
Confident communicator with excellent report-writing skills.
Solid grasp of compliance-driven security testing (esp. Cyber Essentials/CE+).
Full UK Driving Licence.
Desirable Skills and Certifications:
CREST CRT/CCRT/CCT or CHECK Team Member.
OSCP / OSWE / OSEP / GPEN / eCPPT / similar.
Experience with secure code review, SAST/DAST pipelines, or DevSecOps.
Familiarity with ISO 27001 or wider GRC frameworks.
What We Offer:
Competitive salary and annual performance bonus.
Training budget and certification support.
Clear progression path into Senior/Lead Consultant roles.
Flexible working and wellbeing support.
Exposure to varied, interesting client environments and modern tech stacks.
Collaborative team culture focused on quality and continuous learning.