Oscar
Penetration Tester

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Penetration Tester (CREST, OSCP) | Hybrid, London | £55-60k
We are working with a well-established cyber security and AI consultancy that is looking for a mid-level Security Testing Consultant to join their growing testing practice in London. This is a great opportunity to work within an accredited testing team, delivering hands-on technical engagements for a varied client base.
The consultancy has a clear, structured route into specialist service lines including AI security, assumed breach exercises and red teaming over the next 2 years - making this a strong move for someone who wants more than a standard testing role.
Location: London (3 days onsite)
Salary: £55,000-60,000 + competitive package
What You'll be Doing:
- Owning the full delivery of penetration testing engagements, from scoping through to testing, reporting and client debriefs
- Testing across web applications, infrastructure, cloud platforms and APIs, with mobile and wireless work as project mix demands
- Producing clear, well-written reports and presenting findings confidently to both technical and executive audiences
- Providing remediation guidance and follow-up support once engagements are complete
- Contributing to the ongoing development of the team's testing methodology and tooling
- Supporting and mentoring junior members of the testing team
- Staying current with offensive security research, techniques and emerging threats
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Key Skills and Experience Needed:
- Around 2-5 years' hands-on penetration testing experience
- Strong web application testing skills aligned to OWASP WSTG, with solid Burp Suite experience
- Confident infrastructure and network testing background, including Active Directory
- Cloud security testing experience in at least one of AWS, Azure or GCP
- API testing experience - REST essential, GraphQL desirable
- Confident use of core offensive tooling: Kali, Burp Suite, Nmap, a vulnerability scanner (Nessus, Qualys or similar), and Metasploit
- Good understanding of common application, network and cloud security controls, and how they can fail
- At least one current accreditation such as CREST CPSA/CRT, OSCP or OSWE (or equivalent)
- Strong written English and the ability to produce clear, structured reports


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Desirable Skills:
- Familiarity with mobile testing concepts (OWASP MASTG) and/or wireless testing
- Containerisation (Docker/Kubernetes) or CI/CD security knowledge
- Red team or social engineering exposure
- Any hands-on AI/LLM security testing experience
Why This Role?
This isn't a "testing treadmill" position. There's a clearly mapped progression path that moves successful consultants from core testing work into higher-value, more specialist services - including AI security assessments, assumed breach exercises and red team operations.
Study time and funded certifications (potentially including OSCP, OSWE, OSEP, CRTO, CCT and emerging AI security accreditations) are built into the personal development plan, alongside conference attendance.
If this sounds right for you, apply now for immediate consideration!
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location