Tech Stack
Tools & technologies
- AWS
- Cloud
- Java
- Linux
- Spring
- Spring Boot
About the role
Key responsibilities & impact
- Lead and deliver advanced penetration testing across web applications, RESTful APIs, backend services, mobile connected services and supporting application platforms.
- Assess Java based backend systems, especially Spring Boot services, microservice architectures, API gateways and Backend for Frontend layers.
- Test authentication, authorisation, orchestration, input validation, session handling, token management and data exposure risks across modern digital journeys.
- Carry out security testing across cloud-hosted and containerised application environments, ideally on AWS, where platform or configuration weaknesses affect application risk.
- Review outputs from SAST, DAST and related controls, separate noise from genuine risk, and help development teams understand what matters and what should be fixed first.
- Support threat modelling and design review activity by translating design and architecture decisions into sensible testing scope and coverage.
- Support release and project assurance by providing clear views on testing depth, remediation expectations and risk-based sign-off inputs.
- Help develop practical application security testing standards, playbooks and ways of working that can be applied across BAU and project delivery.
- Develop and mature an internal purple team methodology that can be used alongside security testing activity and external red team exercises.
- Support offensive security planning with Security Testing leadership and Cyber Defence so that simulations and adversary led assessments are tied to the maturity of defensive controls and operational priorities.
- Use strong Linux and Windows knowledge to identify realistic exploitation paths across hosts, applications and supporting services.
- Bring practical knowledge of binary exploitation and lower level technical analysis where it adds value to application, platform or software component assessments.
- Apply ATT&CK aligned thinking when shaping offensive scenarios, attack paths and purple team test cases.
- Use knowledge of exploit chaining, post exploitation tradecraft, EDR and AV evasion concepts, and other offensive security techniques where they improve the realism and value of testing.
- Contribute to selected specialist work, including hardware focused testing or low level technical analysis, where there is a clear business need and the activity supports the wider security testing plan.
- Work with external offensive security partners and turn outputs into practical lessons, follow up actions and measurable improvements.
- Act as a senior technical point of reference within the Security Testing function.
- Coach others in the team and help raise the standard of testing, reporting and technical analysis.
- Improve internal methods, test approaches and reporting so that the function becomes more consistent and easier to scale.
Requirements
What you’ll need
- Strong hands-on experience in application penetration testing across web applications, APIs and service-based architectures.
- Strong understanding of Java based backend systems, especially Spring Boot, RESTful APIs and microservice patterns.
- Experience testing API gateways and Backend for Frontend layers, including authentication, authorisation, orchestration and data validation.
- Practical knowledge of cloud-hosted applications, ideally on AWS, including containerised services and common platform security controls.
- Good understanding of modern web and mobile application patterns, enough to assess API consumption, session handling, trust boundaries and data exposure risk.
- Strong practical knowledge of Linux and Windows operating systems, including privilege escalation paths, host weaknesses, credential handling risks and exploitation approaches relevant to application environments.
- Working knowledge of binary exploitation and lower level vulnerability analysis where relevant to application, runtime or platform risk.
- Ability to carry out manual testing beyond automated tooling, including business logic weakness, exploit chaining and cross layer issues.
- Ability to explain findings clearly to both technical and non-technical stakeholders and provide practical remediation advice.
- Experience shaping testing approach, methodology or standards rather than only delivering assessments.
- Experience with mobile application assessment.
- Experience with secure code review or code assisted testing.
- Experience with ATT&CK informed assessments, adversary emulation support or purple team exercises.
- Familiarity with EDR and AV evasion concepts, exploit development, vulnerability research or offensive tooling beyond standard application testing.
- Exposure to hardware, embedded or other specialist low level testing techniques.
- Experience in regulated, high availability or transaction critical environments.
- Relevant certifications such as CREST, OSCP, OSWE, OSEP or equivalent demonstrable experience.
- Experience with WAF technology and implementation.
Benefits
Comp & perks
- Company Bonus Scheme
- Matched pension contributions up to 8.5%
- 26 days annual leave + 2 Life Days (and bank holidays)
- Single Private Health Cover
- Complimentary Private Medical
- Income Protection
- Flexible Benefits – EV Scheme, Money Coach, Will Writing, Mortgage Advice, Dental and Eye Care Schemes.
- Enhanced Family Leave (Maternity, Paternity, Adoption)
- Wellness Allowance £500
- Employee Assistance Programme
- Discounted Health Assessments
- Volunteering Days
- Matched Funding