Senior Penetration Tester – CRT / CSTM


We are seeking a motivated CRT / CSTM team member to join our penetration testing team to conduct a variety of security assessments, including web and infrastructure penetration testing. In this role, you will have the opportunity to demonstrate your expertise, hone your skills, and share our commitment to delivering high-quality testing engagements to our clients.

The ideal candidate will have a strong background in cybersecurity and be able to work collaboratively in a team environment. At Samurai, we highly value the professional and personal development of each member of our team. We continually offer opportunities for training, upskilling, and growth to help our team members reach their full potential. In addition to working alongside a talented and dedicated team, we prioritise work-life balance and focus on the well-being of our employees above all else.

Salary and Package

  • £40,000 – £50,000 – With annual reviews for salary and training plans
  • £5,000 p/y training budget assigned for personal/professional development
  • 20 Standard Holidays + 8 Bank Holidays + 2 further “Samurai” days holiday, making a total of 30 holiday days
  • 1 additional holiday is granted per year of service, making a possible total of 35
  • Private Medical Cover after 6 months
  • 2 Development days dedicated each month to work on personal/passion projects
  • Company Issued Laptop
  • Training provided by our technical director with CTL
  • Remote working full time
  • Quarterly team events (Gaming, Laser Tag, Meals, Go-Karting, Spa).
  • EMI Share options available after 12 months
  • Opportunity to be involved with SLT decision-making and have a direct influence on the direction of the company

Role Overview

This role requires an in-depth understanding of modern and legacy IT infrastructure and web applications, with experience running security assessments against a broad range of technology. The assessments that you will carry out may indicatively cover the following areas of technology:

  • Infrastructure and Networks (Physical, virtualised & cloud)
  • Web Applications & APIs
  • Mobile applications (iOS/Android)
  • Thick client applications
  • WiFi testing
  • Adversary simulation (Purple Team / Red Team)
  • Internet of Things (IoT)

Effectively communicating the vulnerabilities in the technical assessment is crucial to this role. This is typically done through writing reports, where the consultant will accurately describe the issue and its implications on the organisation. Appropriate steps for remediation will also be included in the report. The role may also require that the consultant delivers other ad-hoc security assessments in line
with specific client requirements. This could include risk assessments, gap analysis or other less technical assessments.

Reports to:


Responsibilities and Duties

The responsibilities and duties of the role are as follows:

  • Deliver our penetration testing service and deliver other penetration testing assessments, delivering all work to a high standard and to agreed deadlines
  • Provide well-written and concise technical and non-technical reports
  • Perform vulnerability assessments and provide findings with remediation actions
  • Support with various client pre-engagement interactions, including scoping activities and proposal drafting
  • Develop and deliver in-house training to the Penetration Testing Team within your areas of specialism
  • Coach and mentor Graduate and Junior Penetration Testers
  • Act as the Lead Penetration Tester on large penetration testing projects
  • Support the business development team with the creation of content (including, but not limited to: Video demonstrations, Blogs, Social Media Posts, and Articles) to help raise the profile of Samurai’s Penetration Testing and other services
  • Support the QA process to ensure high-quality client reports are delivered in line with SLAs.

Requirements, Skills, experience and qualifications for this role are:

  • This role aims to grant the consultant CHECK Team Member status. Therefore, either CREST CRT or Cyber Scheme CSTM are required for this role
  • Proven industry experience leading infrastructure and application penetration testing engagements
  • Knowledge of assessing both Windows and Linux environments
  • Knowledge of various Operating Systems and network principles
  • An understanding of mobile application testing methodologies for both iOS and Android devices
  • Strong understanding of OWASP and MITRE ATT & CK frameworks
  • Ability to programme or script in your preferred language
  • Knowledge of assessing cloud and hybrid environments (AWS and Azure)
  • Running red team engagements and preparing and launching social engineering campaigns are desirable
  • The ability to create and implement tactics, techniques and procedures (development of scripts, tools, and methods) that can be used in red team engagements (including C2 framework management) is desirable
  • Hold a valid UK driving license required for travelling to client sites, which is an essential part of the role

An employee working in this role will demonstrate the following qualities:

  • Self-motivated and strives to go the extra mile, in line with Samurai’s core cultural
    • Team player
    • Takes initiative
    • Take ownership
    • Passionate
  • Strong written and verbal communication skills
  • Strong desire to continuously learn and develop your skills
  • Willingness to inspire and lead the other members of the team with their infrastructure testing
  • Ability to work both independently and as part of a team to assist technical members where necessary
  • A passion for technology, creativity and innovation

Work from home full-time
The role is primarily remote, however, you may be required to go to the office occasionally for team meetings or Onsite client engagements (Upon client request)

Working Schedule
Full-time position – 37.5 Hours per week

About Samurai

Samurai Digital Security is a Cyber Security and Information Governance company who formed in 2016. The company was conceptualised at Sheffield Hallam University and was founded by ex-lecturers and staffed by ex-students. Over the past five years, we have grown considerably. We are a dynamic company who fully embraced remote and flexible working since we were founded. We have a diverse set of clients who require many different cybersecurity services. We invest heavily in our consultants to ensure they are personally fulfilled and perform unparalleled service for our clients. As a company spun out of academia, we are driven to find research-inspired Avant Garde solutions to issues in the cybersecurity problem domain. We are NOT your average pen testing company.

Samurai have been recognised by the National Cyber Security Centre (NCSC), which is the cybersecurity department of GCHQ, as a Certified Cyber Security Consultancy (CCSC). It has achieved this prestigious accolade in the areas of cyber security risk assessment and risk management. Samurai is currently the smallest company (headcount) to have achieved CCSC status, with its head consultant (Dr David Day) also being a Certified Cyber Professional with the NCSC. Samurai is also a CREST-assured penetration testing company. It has a CHECK application in progress with the NCSC (expected January 2023) and its penetration testing head (Ali Malik)
holding the Check Team Leader certification.

Samurai is also a member of the Cyber Security Information Sharing Partnership (CiSP), an invitation-only initiative set up to allow UK organisations to share cyber threat information in a secure and confidential environment. Samurai’s CEO (Dr David Day) is a Special Officer working with the National Cyber Crime Unit (NCCU), working with the National Crime Agency (NCA) through an invitation to assist in solving cyber crimes deemed a threat to national security.


The company takes its name from the Japanese Samurai warriors. In the 13th century, outnumbered 4 to 1, and with inferior weaponry, the Samurai’s defeated the Mongol Yuan Dynasty. This was achieved through superior military training and strategies. In the battle against hackers, we are outgunned. They have more numbers, resources, money, and time. They have the potential to win the fight before we even know it has started. But, just like the Samurai Warriors, with superior training and strategies, they can and will be defeated. The spirit of excellence defeating brute force inspired David to make Samurai Digital Security the company of today, a team of highly trained individuals delivering excellence. Since 2016, the company has enjoyed continued growth and success.


Samurai creates and implements inventive and professionally researched cybersecurity solutions, positioning ourselves as a long term strategic partner and solutions architect.

Services we provide include:

  • Penetration testing (Infrastructure, Web/Mobile apps, Cloud) Compliance (ISO 27001, GDPR, IASME)
  • Managed security (Endpoints, Networks, Emails)
  • Training (CREST, CompTIA, Red teaming)
  • Cyber Incident response

Apply Now!

If this looks like the right job for you, send over your CV and cover letter & let's get in touch!

If you want to chat, give us a call: 0121 7401 304

Or, email us your CV and cover letter: [email protected]