Role: Lead Penetration Test Engineer
Type: Long-term contract
Location: UK remote, with occasional client visits as required, travel expenses covered
Clearance required: Active SC, or SC + NPPV3
Summary
We’re building a network of remote based, SC cleared Lead Penetration Test Engineers across the country for
upcoming opportunities during 2026. This is not an immediate live vacancy, but a proactive market-mapping
exercise to identify cleared professionals for future client demand. Roles could become active imminently or
within 3 months. We are keen to speak with security testing professionals who can identify and assess
vulnerabilities across web applications, APIs, mobile applications, and related environments, while working
closely with technical stakeholders to improve overall security posture. Candidates must already hold active SC
clearance or SC clearance plus NPPV3. Clearance must be current, or within 3 months of expiry.
Key responsibilities
• Plan and deliver application penetration testing across web applications, APIs, mobile applications,
and related platforms.
• Identify and exploit vulnerabilities using a combination of manual and automated testing techniques.
• Produce clear, detailed findings reports including evidence, risk explanation, & remediation guidance.
• Work closely with developers, architects, and security stakeholders to support vulnerability
remediation and secure design improvement.
• Provide guidance on secure development practices and application security risks.
• Support ongoing improvements to internal testing approaches, tooling, and security processes.
• Stay up to date with current vulnerabilities, attack techniques, and industry best practice.
• Contribute to wider security assurance activities where needed, including infrastructure, cloud, or
thick-client testing.
Essential skills and experience
• Recent hands-on experience in application penetration testing.
• Experience assessing web applications, APIs, and ideally mobile applications.
• Strong knowledge of common application vulnerabilities and remediation approaches, including the
OWASP Top 10.
• Experience using Burp Suite for application security testing.
• Experience using Kali Linux and related tools such as Nmap, Wireshark, OWASP ZAP, Sqlmap, and
Metasploit.
• Understanding of formal application penetration testing methodologies such as OSSTMM or PTES.
• Knowledge of scripting or programming languages such as Python, Ruby, Bash, or PowerShell.
• Good understanding of secure software development lifecycle principles, including Agile, DevOps, or
DevSecOps practices.
• Strong written and verbal communication skills, with the ability to produce high-quality client-ready
documentation.
Desirable skills and experience
• Experience across cloud and infrastructure security testing.
• Familiarity with AWS, Azure, or Google Cloud.
• Knowledge of operating systems and environments including Linux, Windows, Mac OS, virtualisation
platforms, and Active Directory.
• Experience with threat modelling.
• Awareness of security and compliance frameworks such as ISO 27001, NCSC Cyber Essentials, NIST,
and CIS.
• Experience contributing to secure design discussions or security code reviews.
Certifications
• We would be particularly interested in professionals holding one or more recognised penetration testing
certifications, such as:
o CEH
o OSCP
o GPEN
o GWAPT
o CompTIA PenTest+
• Equivalent practical experience will also be considered.
Security clearance requirement
• Applicants must already hold:
o Active SC clearance, or
o Active SC clearance plus NPPV3
• Clearance must be live, or due to expire within the next 3 months.
• This opportunity pipeline is not suitable for candidates who would need to obtain clearance from
scratch.
InspiredXpert is a specialist IT Talent Solutions company providing high-quality contract or perm talent
across software development, cloud, AI, cybersecurity, and data-driven roles. We connect skilled
professionals with innovative companies, offering exciting opportunities to work on impactful projects
across the globe.
