We’ve achieved Flexible Workplace Accreditation
We’re pleased to share that the Cyber and Fraud Centre – Scotland is recognised as one of the first organisations in Scotland to achieve Flexible…
We’re Hiring – CREST-Accredited Penetration Tester
Penetration Tester – Permanent Full Time Monday-Thursday
Salary – up to £55,000 depending on experience
Cyber and Fraud Centre Scotland – City Centre Edinburgh – Hybrid
Do you want to work for a social enterprise and help make a positive impact in cyber security?
Who we are
The Cyber and Fraud Centre is Scotland’s only cyber social enterprise. Our mission as a socially driven organisation is to deliver accessible, affordable, and relevant cyber and fraud services. With our dedicated team, we protect organisations all over Scotland by offering professional services, skills, and community building. The Cyber and Fraud Centre has established itself as an authoritative voice in cyber safety and resilience ensuring a safer and more robust business landscape in Scotland.
Our values: integrity, ethical and making a difference are at the heart of everything we do. We ensure that all private, public and third sector organisations we work with have access to our people and resources, to stay secure. We are dedicated to promoting cybersecurity and providing comprehensive support within the business sector. We achieve this through the delivery of education and preventative training, as well as actively raising awareness of threats throughout the business community and providing support in the event of an incident. It is our intention that organisations have the skills and knowledge to protect themselves against online attacks.
We are a small, high performing team with a focus on genuine care and respect for one another as we work to bring cyber safety to organisations around Scotland. The threat landscape is constantly evolving, and this is an exciting time to join us as we continue to grow and expand our services. As demand for our trusted, high‑quality assurance services grows, we are expanding our technical team and are seeking an experienced CREST‑Accredited Penetration Tester to play a key role in delivering impactful testing and advisory work.
About the role
You will deliver high‑quality, ethical penetration testing engagements aligned with CREST standards. You will work across a diverse range of organisations, helping them understand their exposure to cyber threats and supporting practical, proportionate improvements.
A hands‑on technical role with scope to influence service development, mentor others, and contribute to Scotland’s wider cyber resilience ecosystem.
Key responsibilities will include:
- Deliver CREST‑aligned penetration testing engagements, including:
- Infrastructure and network testing
- Web and application testing
- Cloud and hybrid environments
- Plan, scope, and execute tests in line with agreed methodologies and best practice.
- Produce clear, high‑quality technical and executive‑level reports.
- Communicate findings and risk in a clear, constructive manner to a range of stakeholders.
- Support remediation discussions and re‑testing where required.
- Maintain accurate records and testing artefacts in line with governance and assurance requirements.
- Contribute to continuous improvement of tools, methodologies, and internal knowledge sharing.
About you
You will be joining a caring and committed team with a strong sense of purpose.
Essential Skills & Experience
- CREST accreditation
- Proven experience delivering penetration testing in professional or client‑facing environments.
- Strong understanding of common vulnerabilities and attack techniques (e.g. OWASP Top 10, MITRE ATT&CK).
- Experience with industry‑standard tools (e.g. Burp Suite, Nmap, Metasploit, Nessus or equivalents).
- Ability to write clear, high‑quality technical reports.
- Strong ethical mindset and commitment to responsible disclosure.
Desirable
- Experience in cloud security testing (AWS, Azure, GCP).
- Knowledge of secure architecture or defensive controls.
- Experience mentoring junior testers.
- Additional certifications (e.g. OSCP, CHECK, CISSP, cloud security certs).
You must have the right to work in the UK. For further information please see the job description.
To apply
To apply, please submit your CV and a short covering statement to [email protected] outlining your experience and CREST accreditation by 5pm 29th April 2026.
Related articles
We’re Hiring – Professional Services & Incident Response Manager
The Cyber and Fraud Centre Scotland is a non-profit organisation dedicated to promoting cybersecurity and providing comprehensive support within the business sector.
Supporting Hospitality Leaders to Put Cyber Resilience on the Agenda
The Cyber and Fraud Centre – Scotland has partnered with HIT Scotland to support the delivery of its new Code of Trust: Executive Strategy for…