Dual CHECK Team Leader
Overview
Pentest People is a UK-based security consultancy specialising in providing Penetration Testing as a Service to all its clients. Our approach combines consultant-led penetration testing with ongoing vulnerability assurance through our SecurePortal, providing clients with a continuous, living threat management system throughout the contract duration.
As CHECK Team Leader, you will lead and oversee penetration testing engagements for government and critical infrastructure clients, ensuring compliance with NCSC methodologies while delivering technical and strategic value. This role requires both Infrastructure and Application CHECK certifications alongside a UK Cyber Security Council Principal Professional Title in Security Testing.
You will be responsible for managing complex security assessments from initial scoping through final report delivery, leading a team of skilled penetration testers, and serving as the primary technical authority for client engagements. The position requires expertise in both infrastructure and application security domains, with the ability to transition between hands-on technical assessments and executive-level risk communication.
This remote-based role includes regular on-site client work across the UK. You will work with government systems and sensitive commercial environments, making Security Check (SC) clearance essential for role performance.
Key Responsibilities
- Lead complex penetration testing engagements across infrastructure and application domains, ensuring adherence to NCSC CHECK methodologies. Personally conduct advanced security assessments when required, with expertise in network penetration testing, web application security, cloud infrastructure assessment, and modern technology stacks, including containerised environments and microservices architectures.
- Maintain final accountability for all technical deliverables, conducting rigorous quality assurance reviews of vulnerability findings, exploitation techniques, and remediation recommendations. Ensure testing remains within agreed rules of engagement while maximising value through comprehensive security coverage. Stay current with emerging threats and advanced attack methodologies.
- Contribute to the success and growth of the team through mentorship, technical training, and career development support. Conduct performance reviews, identify skill gaps, and create targeted development plans. Foster knowledge sharing through internal training sessions, technical workshops, and collaborative problem-solving.
- Serve as the primary technical interface with client stakeholders, translating complex security vulnerabilities into business risk language for C-level executives and board members. Lead scoping meetings to understand objectives, regulatory requirements, and risk tolerance, developing tailored testing approaches for organisational needs.
- Manage sensitive client communications during active testing phases, providing regular status updates and immediate notification of critical findings. Build long-term strategic partnerships through exceptional service delivery and proactive security guidance.
- Ensure all penetration testing activities comply with NCSC CHECK scheme requirements, maintaining meticulous documentation and audit trails. Implement and maintain quality management processes aligned with ISO 9001 and ISO 27001 standards, driving continuous improvement in service delivery and client satisfaction.
- Review and approve penetration testing reports, ensuring technical accuracy, comprehensive coverage, and actionable remediation guidance. Maintain professional indemnity insurance compliance and ensure testing stays within legal boundaries defined by the Computer Misuse Act 1990.
- Support pre-sales activities through technical expertise and client presentations, contributing to proposal development and service scoping. Participate in client pitches, demonstrating technical capabilities and articulating value propositions that differentiate our services.
- Identify opportunities for service expansion and new offering development based on emerging threats and market demands. Contribute to thought leadership through blog posts, white papers, and conference presentations to establish organisational authority. Build strategic relationships with industry partners, professional associations, and government stakeholders to enhance market positioning.
Essential Requirements
- Current CREST CCT Infrastructure (CCT INF) OR The Cyber Scheme CSTL Infrastructure certification.
- Current CREST CCT Application (CCT APP) OR The Cyber Scheme CSTL Application certification.
- Professional title at a minimum level of Principal Cyber Security Professional (PriCSP) in the Security Testing specialism.
- Valid security clearance at a minimum level of SC; DV is preferred.
- Thorough understanding of the requirements outlined by the CHECK Scheme.
- Minimum 3 years of hands-on penetration testing experience, including on-site work.
- Proven track record leading security assessments as part of a larger team.
- Experience working with government, defence, or critical infrastructure sectors.
- Demonstrated ability to scope, plan, and deliver complex multi-phase security assessments.
- Exceptional written and verbal communication skills for technical reporting and executive briefings. Ability to explain complex technical concepts to non-technical audiences.
- High-level reporting standards with ability to provide detailed feedback to colleagues.
- As part of the senior team, assist in developing and mentoring colleagues, including 1-on-1 sessions, group presentations, and internal bootcamps.
Desirable Requirements
In addition to holding CTL INF and CTL APP status, the ideal candidate will have the following capabilities:
- In-depth knowledge of cloud technologies (Azure and AWS; knowledge of GCP and OCI is a bonus), including configuration reviews and penetration testing of these environments.
- Capability to perform penetration testing of API, Mobile (Android & iOS), Desktop/Thick Client Apps.
- Understanding or practical experience of code reviews, including CI/CD pipelines.
- Practical experience of operating system hardening for Microsoft and Linux environments.
Non-Essential
- Industrial control systems (ICS/SCADA) security assessment
- Hardware security testing and IoT device assessment
- Security architecture review and design consultation
While this role is advertised as remote, it will require occasional visits to client sites and the office as needed. Candidates must be based in the UK and have the right to work, as sponsorship cannot be provided.
We understand that job descriptions offer only a glimpse of the role. For more details, please feel free to reach out or apply, and we will be happy to provide additional information. Pentest People is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
- Location: Leeds, England, United Kingdom
- Salary: £80,000 - £100,000
- Job Type: Full-time
- Category: Management & Operations