Pentest People is a UK-based security consultancy specialising in providing Penetration Testing as a Service to all its clients. Our innovative approach to security testing merges the benefits of consultant-led penetration testing with ongoing vulnerability assurance through our advanced SecurePortal. This provides clients with a continuous, living threat management system throughout the duration of the contract, rather than a single point-in-time assessment.
As CHECK Team Leader, you will lead and oversee penetration testing engagements for government and critical infrastructure clients, ensuring compliance with NCSC methodologies while delivering exceptional technical and strategic value. This role requires both Infrastructure and Application CHECK certifications alongside a UK Cyber Security Council Principal Professional Title in Security Testing.
You will be responsible for managing complex security assessments from initial scoping through final report delivery, leading a team of skilled penetration testers, and serving as the primary technical authority for client engagements. The position requires expertise in both infrastructure and application security domains, with the ability to seamlessly transition between hands-on technical assessments and executive-level risk communication.
This remote-based role includes regular on-site client work across the UK, you will work with government systems and sensitive commercial environments, making Security Check (SC) clearance essential for role performance.

ESSENTIAL REQUIREMENTS:

• Current CREST CCT Infrastructure (CCT INF) OR The Cyber Scheme CSTL Infrastructure certification.
• Current CREST CCT Application (CCT APP) OR The Cyber Scheme CSTL Application certification.
• Professional title at a minimum level of Principal Cyber Security Professional (PriCSP) in the Security Testing specialism.
• Valid security clearance at a minimum level of SC, DV is preferred
• Thorough understanding of the requirements outlined by the CHECK Scheme
• Minimum 3 years of hands-on penetration testing experience, including on-site work.
• Proven track record leading security assessments as part of a larger team
• Experience working with government, defence, or critical infrastructure sectors
• Demonstrated ability to scope, plan, and deliver complex multi-phase security assessments
• Exceptional written communication for technical reporting and executive summaries. Strong verbal presentation skills for client meetings and board-level briefings. Ability to explain complex technical concepts to non-technical audiences while maintaining accuracy and relevance.
• High-level reporting standards, in both authoring and providing detailed quality feedback to colleagues
• As part of the senior team, you will be required to assist in developing and mentoring colleagues and trainee team members, which includes 1 on 1 sessions, group presentations and the creation and delivery of internal bootcamps.

DESIRABLE REQUIREMENTS:

In addition to holding CTL INF and CTL APP status, the ideal candidate will also have the following capabilities:

• In-depth knowledge of cloud technologies, at a minimum of Azure and AWS; however, it would be a benefit to have knowledge of GCP and OCI, including experience in performing configuration reviews and penetration testing of these environments.
• Capability to perform penetration testing of API, Mobile (Android & iOS), Desktop/Thick Client Apps
• Understanding or practical experience of Code reviews, including CI/CD pipelines.
• Practical experience of operating system hardening for Microsoft and Linux environments

NON ESSENTIAL:

• Industrial control systems (ICS/SCADA) security assessment
• Hardware security testing and IoT device assessment
• Security architecture review and design consultation
  While this role is advertised as remote, it will require occasional visits to client sites and the office as needed. Candidates must be based in the UK and have the right to work, as we are unable to provide sponsorship at this time.
  We understand that job descriptions offer only a glimpse of the role. For more details, please feel free to reach out or apply, and we will be happy to provide additional information. Pentest People is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees

• Lead complex penetration testing engagements across infrastructure and application domains, ensuring adherence to NCSC CHECK methodologies. You will personally conduct advanced security assessments when required, demonstrating expertise in network penetration testing, web application security, cloud infrastructure assessment, and modern technology stacks, including containerised environments and micro services architectures.
• Maintain final accountability for all technical deliverables, conducting rigorous quality assurance reviews of vulnerability findings, exploitation techniques, and remediation recommendations. Your technical oversight ensures that all testing remains within agreed rules of engagement while maximising value through comprehensive security coverage. You will stay current with emerging threats, zero-day vulnerabilities, and advanced persistent threat techniques, incorporating cutting-edge attack methodologies into team capabilities.
• Contribute to the success and growth of our high-performing penetration testing team through mentorship, technical training, and career development support. You will conduct performance reviews, identify skill gaps, and create targeted development plans that advance both individual capabilities and team effectiveness. Foster a culture of knowledge sharing through internal training sessions, technical workshops, and collaborative problem-solving.
• Serve as the primary technical interface with client stakeholders, translating complex security vulnerabilities into business risk language that resonates with C-level executives and board members. You will lead scoping meetings to understand client objectives, regulatory requirements, and risk tolerance, developing tailored testing approaches that address specific organisational needs.
• Manage sensitive client communications during active testing phases, providing regular status updates and immediate notification of critical findings. Your diplomatic skills will be essential when discussing high-risk vulnerabilities with client technical teams, striking a balance between urgency and professional discretion. Build long-term strategic partnerships through exceptional service delivery, thought leadership, and proactive security guidance.
• Ensure all penetration testing activities comply with NCSC CHECK scheme requirements, maintaining meticulous documentation and audit trails. You will implement and maintain quality management processes aligned with ISO 9001 and ISO 27001 standards, driving continuous improvement in service delivery and client satisfaction.
• Review and approve penetration testing reports, ensuring technical accuracy, comprehensive coverage, and actionable remediation guidance. Your attention to detail ensures that findings are properly risk-rated using CVSS scoring while considering the specific business context and threat landscape. Maintain professional indemnity insurance compliance and ensure all testing activities remain within legal boundaries defined by the Computer Misuse Act 1990.
• Support pre-sales activities through technical expertise and client presentations, contributing to proposal development and service scoping. You will participate in client pitches, demonstrating technical capabilities and articulating value propositions that differentiate our services in a competitive market.
• Identify opportunities for service expansion and new offering development based on emerging threats and market demands. Contribute to thought leadership through blog posts, white papers, and conference presentations that establish organisational authority in specialised security domains. Build strategic relationships with industry partners, professional associations, and government stakeholders to enhance market positioning.