Penetration Tester

The Offensive Security Consultant at Triskele Labs plays a key role in delivering high-quality penetration testing services. As a Subject Matter Expert (SME) in the security industry, the consultant is responsible for managing the entire lifecycle of offensive security engagements, from initial setup and information gathering to report generation and close-out activities.

This role requires independent execution of all types of penetration testing, following modern frameworks, while also handling client communications, scheduling, travel arrangements, and technical preparations. The consultant must provide expert security advice to clients, both in person and in writing, and ensure that all outputs meet or exceed expected quality standards within defined timelines.

You will independently plan and execute penetration testing engagements across a broad range of technologies and environments, applying both creativity and technical rigour to identify meaningful security issues.

• Web and mobile application testing
• Internal and external infrastructure assessments
• API and cloud security reviews
• Wireless, hardware, and embedded systems testing
• Social engineering, phishing, and physical security engagements

You’ll make use of industry-standard tooling and be comfortable adapting tools where required.

• Tools such as Burp Suite, Nessus, and other web application scanners
• Directory brute-forcing and encryption verification tools
• Technology-specific tools for platforms including ASP.NET, PHP, and Java
• Customisation and scripting (primarily Python) to support testing objectives

Clear, accurate reporting is central to the value we deliver to clients. You’ll be accountable for producing high-quality deliverables that clearly articulate risk and remediation.

• Produce detailed penetration testing reports outlining vulnerabilities, risk ratings, impact, and remediation guidance
• Ensure deliverables are accurate, consistent, and completed within agreed timelines
• Peer review team members’ reports to maintain a high standard across the team
• Communicate critical findings to the Penetration Testing Team Lead in a timely manner

Penetration testers at Triskele Labs are client-facing and trusted to represent the business professionally throughout engagements.

• Act as the primary point of contact for assigned engagements
• Lead internal and external kick-off and close-out meetings
• Provide clear, ongoing communication and respond to client questions
• Ensure contractual obligations and service expectations are met

You’ll contribute to the ongoing maturity of the penetration testing practice by improving how we work and how we deliver outcomes.

• Maintain and improve internal documentation, templates, and testing processes
• Share knowledge and collaborate closely with other testers and team leads
• Balance multiple engagements while working autonomously when required

This role suits someone with strong technical depth, sound judgement, and the ability to clearly communicate complex issues.

• Advanced knowledge of security systems, protocols, and attack techniques
• Strong understanding of networking fundamentals and operating systems (Windows, Linux, Unix)
• Familiarity with enterprise security technologies such as firewalls, proxies, SIEM, antivirus, and IDPS
• Programming or scripting experience, with Python preferred

Certifications

• OSCP (essential)
• CREST Certified Tester (highly regarded)

Team culture is everything to Triskele Labs and it is the reason we exist.

We provide our team a great range of additional benefits such as:

• Access to a professional external Employee Assistance Program (EAP) for all team members
• Social functions organised by our People & Culture Team

We are a forward-thinking company and always looking for ways to boost our team culture to ensure we are a destination employer. We continually undertake surveys to seek feedback from our team on ways we can improve our work environment and team member experience at Triskele Labs.

Please include with your application and cover letter adressed to 'Mike H.' Head of Offensive Security. Applications without a cover letter will not considered.