Securing business data

Careers at CNS Group


Penetration Tester

Headline Description:

Works under general supervision and on discrete tasks when performing penetration tests. Demonstrates an analytical and systemic approach to penetration testing, and is able to apply their own initiative and work on given tasks without prompt.

Understands and able to apply appropriate tools and techniques during a penetration test, and works in accordance with the relevant legislation and standards. Performs penetration tests, which may be complex and non-routine, in a variety of environments. Works as part of a larger team, is responsible for planning and monitoring their own work, and assists senior colleagues in delivering successful penetration tests. Demonstrates effective communication skills, and can provide valuable input to written reports and presentations. Has regular working level contact with customers. Is actively developing their understanding of penetration testing, and understands how penetration testing is to be applied and delivered to a customer.

Demonstrates a high level of professionalism towards clients and colleagues, can actively manage their own time effectively and delivers outputs to a set and predictable time scale. Language use within reports is professional and of a high quality at all times.

Penetration Tester (SFIA 3a):

CNS Group are looking for an established penetration tester to join our existing team of highly qualified and experienced testers.  This is a great opportunity for those already with CHECK team membership status or those working towards this industry recognised standard to further their technical knowledge and understanding.

The role will see the successful candidate involved in all aspects of penetration testing at CNS under the guidance of our team of highly experienced senior staff, ranging from network infrastructure, web application, industrial infrastructure, forensics, mobile device testing and much more.

What will the role involve:

There are always unique and interesting jobs that come along, so there is no standard week, however the role will certainly involve:

  • l Helping senior staff members scope, design and manage projects.
  • l Conducting Internal Pen Testing.
  • l Conducting External Pen Tests.
  • l Conducting Web Application tests for all manner of applications, from major brands to bespoke systems
  • l Conducting Build reviews of common operating systems.
  • l Helping clients understand Penetration Tests and what to do with the results, formally or informally.
  • l Undertaking incident response activities under supervision of senior staff.
  • l CHECK and ITHC based penetration testing.
  • l Commercial penetration testing.
  • l Working with the sales team and senior staff to improve customer relations.
  • l Looking at new solutions, vulnerabilities and technologies and advising clients.
  • l Working with Software developers to try and help them to secure applications.

Where will it be based:

  • l Pemberton Row, London (Head Office).
  • l On site work is generally based within the UK.
  • l Occasional international work and travel.
  • l Opportunities to work from home.

About the Team:

Our TEST team are one of the most experienced and highly qualified teams of penetration testers in the UK. Also experts in forensics, the team is responsible for testing 1000’s of applications, systems, environments and devices every year for both private and public sectors. The team routinely research vulnerabilities, compile threat intelligence and assist clients in shoring-up their data security.

The team comprises a number of highly qualified CHECK team leaders and members who also hold certifications in forensics, industrial (SCADA) network testing, malware reverse engineering among other.

Must Have:

  • l CHECK Team Member Status or Equivalent qualification (Tiger QSTM or CREST CRT).
  • l Be an active penetration tester who can demonstrate practical and written ability to the above level.
  • l SC Clearance and the ability to maintain it.
  • l Based within a commutable distance to the office (although options to work from home exist, a regular office presence is also required.
  • l Team Work - The successful candidate needs to be friendly and willing to work as part of the team and help mentor junior staff members.
  • l Customer Facing - The successful candidate must be able to talk to customers and accurately communicate complex testing results to a non technical audience.
  • l Excellent written English and report writing skills.
  • l Can work under guidance with little input from senior staff while maintaining a HIGH level of professionalism (including time management).
  • l Expert use of enumeration tools and techniques.
  • l Expert use of exploitation frameworks.
  • l Ability to check, compile and use exploitation code.
  • l Ability to identify and exploit complex vulnerabilities.
  • l Experience within multiple areas of testing (Mobile, Application, Infrastructure, External, Social Engineering, Configuration Reviews etc).
  • l Ability to manually validate accuracy of automated results - does not demonstrate a reliance on automated tools.

Nice to Have:

  • l Desire to learn and further an in depth understanding of cyber security.
  • l Ability to scope and lead commercial jobs
  • l Reverse Engineering and Malware Analysis
  • l Incident Response Experience
  • l Experience in exploit development

Please contact for more information.
For further job opportunities follow us on LinkedIn.

Follow CNS on Linkedin and join our LinkedIn groups


Winner - Best Managed Security Service


Financial Service Technology Awards

Best use of IT in Retail Banking
For implementation of IPT at Duncan Lawrie Bank.

Consulting Practice of the Year

CNS Hut3 have been shortlisted as finalists in the Cyber Security Awards, which seek to recognise talent and achievement within the cyber security industry.
Banking Tech Awards 2012 Logo shortlist

BankingTech Security Initiative of the Year

CNS were shortlisted for their AntiPhishing Security Initiative with Metrobank.