Xpert: Lead Penetration Test Engineer

Role:
Lead Penetration Test Engineer

Type:
Long-term contract

Location:

UK remote, with occasional client visits as required, travel expenses covered

Clearance required:

Active SC, or SC + NPPV3

We’re building a network of remote based, SC cleared Lead Penetration Test Engineers across the country for upcoming opportunities during 2026. This is not an immediate live vacancy, but a proactive market-mapping exercise to identify cleared professionals for future client demand. Roles could become active imminently or within 3 months. We are keen to speak with security testing professionals who can identify and assess vulnerabilities across web applications, APIs, mobile applications, and related environments, while working closely with technical stakeholders to improve overall security posture.

Candidates must already hold active SC clearance or SC clearance plus NPPV
3. Clearance must be current, or within 3 months of expiry.

• Plan and deliver application penetration testing across web applications, APIs, mobile applications, and related platforms.
• Identify and exploit vulnerabilities using a combination of manual and automated testing techniques.
• Produce clear, detailed findings reports including evidence, risk explanation, & remediation guidance.
• Work closely with developers, architects, and security stakeholders to support vulnerability remediation and secure design improvement.
• Provide guidance on secure development practices and application security risks.
• Support ongoing improvements to internal testing approaches, tooling, and security processes.
• Stay up to date with current vulnerabilities, attack techniques, and industry best practice.
• Contribute to wider security assurance activities where needed, including infrastructure, cloud, or thick-client testing.

• Recent hands-on experience in application penetration testing.
• Experience assessing web applications, APIs, and ideally mobile applications.
• Strong knowledge of common application vulnerabilities and remediation approaches, including the OWASP Top 10.
• Experience using Burp Suite for application security testing.
• Experience using Kali Linux and related tools such as Nmap, Wireshark, OWASP ZAP, Sqlmap, and Metasploit.
• Understanding of formal application penetration testing methodologies such as OSSTMM or PTES.
• Knowledge of scripting or programming languages such as Python, Ruby, Bash, or Power Shell.
• Good understanding of secure software development lifecycle principles, including Agile, Dev Ops, or Dev Sec Ops  practices.
• Strong written and verbal communication skills, with the ability to produce high-quality client-ready documentation.

• Experience across cloud and infrastructure security testing.
• Familiarity with AWS, Azure, or Google Cloud.
• Knowledge of operating systems and environments including Linux, Windows, Mac OS, virtualisation platforms, and Active Directory.
• Experience with threat modelling.
• Awareness of security and compliance frameworks such as ISO 27001, NCSC Cyber Essentials, NIST, and CIS.
• Experience contributing to secure design discussions or security code reviews.

• We would be particularly interested in professionals holding one or more recognised penetration testing certifications, such as:
• CEH
• OSCP
• GPEN
• GWAPT
• CompTIA Pen Test+
• Equivalent practical experience will also be considered.

• Applicants must already hold:
• Active SC clearance, or
• Active SC clearance plus NPPV3
• Clearance must be live, or due to expire within the next 3 months.
• This opportunity pipeline is not suitable for candidates who would need to obtain clearance from scratch.

Inspired Xpert is a specialist IT Talent Solutions company providing high-quality contract or perm talent across software development, cloud, AI, cybersecurity, and data-driven roles. We connect skilled professionals with innovative companies, offering exciting opportunities to work on impactful projects across the globe.