The Senior Penetration Tester plays a critical role in safeguarding Intact’s assets by leading the scoping, planning, and execution of complex penetration tests across a diverse range of technologies, environments, and business functions, including network, application and cloud.
This position requires a deep technical understanding of offensive security methodologies, strong communication skills, and the ability to translate business requirements into actionable testing strategies.
As part of the role, the Senior Penetration Tester will actively contribute to purple team / threat simulation testing, working in close collaboration with defensive security teams to enhance detection and response capabilities. This involves simulating advanced attack scenarios, validating security controls, and leveraging frameworks such as MITRE ATT&CK to ensure comprehensive coverage of adversarial TTPs (Tactics, Techniques, and Procedures). The successful candidate will play a key role in translating offensive insights into actionable defensive improvements, fostering a culture of continuous learning and resilience against evolving threats.
You’ll make an impact by:
- Lead the scoping, planning, and delivery of complex penetration tests across networks, applications, cloud environments, and emerging technologies.
- Conduct advanced offensive security assessments to identify and exploit vulnerabilities, providing clear and actionable remediation guidance.
- Collaborate with defensive teams to help design and execute purple team exercises, improving detection and response capabilities.
- Produce high-quality reports and communicate findings effectively to technical and non-technical stakeholders.
- Assist the Cyber Defence team with vulnerability validation, and technical support during incident response.
- Mentor junior team members, sharing knowledge and best practices to develop overall team capability.
- Peer‑review methodologies and reports to ensure repeatability and quality.
- Stay current with evolving threats, tools, and techniques, contributing to continuous improvement of testing methodologies and security posture.
- Maintain and champion the security testing elements of the SDLC.
Your skills and experience:
- Experience of leading network, web, cloud, internal and red / purple team penetration tests.
- Excellent knowledge of penetration testing approaches, tools and techniques.
- Excellent knowledge of MITRE ATT&CK framework and TTPs.
- Strong capability in identifying, validating, and clearly articulating vulnerabilities.
- Experience writing high-quality reports with clear risk statements and remediation guidance.
- Ability to perform threat modelling and attack surface analysis.
- Excellent knowledge and understanding of Open Web Application Security Project (OWASP).
- Demonstrable experience with automated, dynamic and static application security testing tools.
- Experience in managing third‑party suppliers.
- Relevant technical security qualifications or experience, for example OSCP, SANS, CREST, CRTO, or equivalent level.
Why You’ll Love It Here:
- Annual discretionary bonus.
- Up to 11% pension contributions.
- Hybrid working + flexible hours.
- 25 days annual leave + bank holidays + buy/sell options.
- Health & wellbeing + virtual GP.
- Career development and mentoring.
- Inclusive culture + employee networks.
- Share investment options.
Our DEI Commitment:
We celebrate individuality and believe our differences make us stronger. We’re proud to foster a culture where everyone feels respected, valued, and empowered to thrive.
As an Equal Opportunity and Disability Confident Employer, we ensure fair consideration for all applicants and offer interviews to all disabled candidates who meet the essential criteria.
We understand that everyone’s circumstances are different and are happy to explore flexible working options such as reduced hours or job shares to support work–life balance.
#J-18808-Ljbffr