Penetration Tester

Security Penetration Tester (Contract) | On-site (East Midlands) | Up to £525 a day | 6 months contract with the view to extend | Outside IR35

We are partnering with a global organisation to support the development of its internal penetration testing capability. With a digital footprint spanning more than 60 countries and over 15,000 IT users, this is a high-impact role within a growing Information Security function.

This position offers the opportunity to join a proactive defence team at a pivotal stage of maturity, transitioning from reliance on third‑party providers to building a fully embedded in‑house penetration testing capability.

You will act as a “think like an attacker” specialist, identifying vulnerabilities before they can be exploited and helping shape how security testing is delivered across a complex, global environment.

• Plan and execute authorised penetration tests across networks, applications, cloud, and infrastructure environments
• Identify vulnerabilities arising from technical weaknesses or human factors and provide clear remediation guidance
• Produce high‑quality, business‑focused reports translating technical risk into clear impact
• Develop and enhance testing approaches, scripts, and automation tools to improve effectiveness
• Collaborate with SOC and Detection Engineering teams to embed long‑term security improvements
• Support red team exercises and broader threat‑led testing initiatives
• Stay current with emerging threats and security trends through continuous learning and industry engagement

• Proven hands‑on experience in penetration testing and/or red team engagements
• Strong understanding of vulnerability management, threat detection, and incident response
• Experience working within cloud environments, ideally Microsoft Azure
• Ability to communicate complex security risks clearly to both technical and non‑technical stakeholders
• Background in retail or large‑scale eCommerce environments
• Exposure to operational technology environments (e.g. warehouse or logistics systems)
• Experience working within large, complex enterprise estates

You will be joining a growing Information Security function covering SOC, Vulnerability Management, and Threat/Incident Response, alongside a dedicated Engineering team focused on IAM and automation (including SailPoint and Google Sec Ops).

The penetration testing capability is currently in its early stages, with significant opportunity to shape tooling, structure, and long‑term strategy following an upcoming leadership transition.

If you are an experienced Security Pen Tester looking for your next contract opportunity we would be keen to speak with you.

Please note, we are only able to consider candidates who are based in the UK and who have the existing right to work in the UK.