Penetration Tester_

Passionate about Cyber Security? Join the growing 2-sec team.We have job opportunities at all levels.

Why work for 2-sec?

2-sec is a leading independent cyber security consulting firm based in London but operating across the UK. Our business includes Penetration Testing, Security Compliance and Advisory Services. As one of the fastest-growing companies in the UK it’s an exciting time to join our team and be part of our growth.

Our straight-talking approach to security means we enjoy fantastic relationships with our clients; and we are looking for Penetration Testers to join our team.

2-sec was launched in 2011 and each member of the team has over 10 years’ experience in their chosen field. We are dedicated to delivering world-class service to our clients, many of whom work with us exclusively to advance their security. We have built an impressive client base that includes major clients within the financial services, telecommunications, e-commerce, defence and energy sectors.


As a Penetration Tester you will join a highly experienced team that delivers work on client projects in London and the South East. We have multiple roles available, from mid to senior levels.


  • Delivering a range of black-box, grey-box and / or white-box penetration testing to clients.
  • Working on projects in web or mobile application testing, or infrastructure testing.
  • Delivering reports to clients that highlight areas of identified weaknesses.
  • Providing advice to clients on technical-remediation routes.
  • Delivering all projects to the very high standards our clients expect.
  • Work with other members of the 2-sec team to share knowledge and experience, and to find creative ways of solving technical issues.
  • Attending project commencement calls and meetings to finalise the scope for upcoming projects.


  • Experience of delivering hands-on web / mobile application and infrastructure testing.
  • Demonstrable experience of Kali, Burpsuite, security research and exploit creation.
  • You should hold (or be working toward) at least one of the following certifications: CREST Registered Tester; Offensive Security OSCP; Tigerscheme QSTM;  CyberScheme CSTM;
  • A creative approach to performing thorough proven-method tests.
  • The ability to work towards client-led or internal deadlines.
  • Full knowledge of OWASP Top 10 and SANS Top 25; and how to exploit vulnerable systems in each of these categories.
  • You will need excellent verbal and written communication skills, and the ability to write strong technical reports, including the ability to clearly explain how exploits were carried out, and how a client should remediate.
  • Highly responsive with an ability to handle escalations quickly and professionally.


  • Ideally you will be fluent with programming skills and have strong knowledge of ASP .net, PHP, Java, Python, Objective C and C#.
  • Strong database (MS SQL, MySQL) and web server (IIS, Apache) skills.
  • Experience of testing a variety of platforms including iOS, Android, Windows and Linux.
  • API testing.
  • SCADA / high-availability system testing.
  • Senior positions will require at least 3 years experience and at least one of the following certifications: CREST Certified Web Applications Tester; CREST Certified Infrastructure Tester; CyberScheme CSTL; Tigerscheme SST;


  • Dedicated 10% research time.
  • Speaking opportunities at major events like DefCon or BlackHat.
  • Flexible working and/or home working available.
  • Funded training for recognized qualifications.
  • Additional flexible benefits.

Other Information:

2-sec is an equal opportunities employer. Applicants must have lived in the UK for at least 5 years and have an EU passport.