Conduct advanced penetration testing engagements across web applications, networks, and cloud environments, delivering actionable findings for APPIT Software Solutions in London.
London, UK
Full-time
Cybersecurity
Responsibilities
Plan and execute penetration testing engagements covering web applications, APIs, mobile apps, and internal/external networks
Perform advanced exploitation techniques including privilege escalation, lateral movement, and Active Directory attacks
Conduct red team exercises simulating real-world adversary tactics, techniques, and procedures (TTPs)
Write detailed technical reports with clear risk ratings, proof-of-concept exploits, and prioritized remediation guidance
Collaborate with blue team and engineering teams to validate fixes and improve detection capabilities
Research emerging vulnerabilities, develop custom exploit tools, and maintain an up-to-date attack methodology library
Requirements
5+ years of professional penetration testing or ethical hacking experience
OSCP, OSCE, OSEP, or CREST CRT/CCT certification required
Expert proficiency with penetration testing tools (Metasploit, Cobalt Strike, Burp Suite Professional, Nmap, BloodHound)
Strong understanding of network protocols (TCP/IP, DNS, HTTP/S), Active Directory, and common enterprise architectures
Experience with cloud penetration testing across AWS, Azure, or GCP environments
Ability to write custom scripts and exploits in Python, PowerShell, or C for engagement-specific needs
Nice to Have
Experience with purple team exercises and MITRE ATT&CK framework mapping
Background in bug bounty programs with recognized findings