Offensive Security and Penetration Testing Lead


Time Type

Full time


Competitive Salary


Amazing Benefits

Close Date


Area of Business

IT, Cyber Security


Reading - Green Park, Brook Drive

Job ID 00023400

About the role

The Security and Penetration Testing Lead is responsible for the security, resilience, reliability, observability, and operability of our platforms.

Our offensive security and penetration testing engineers are leaders in their field. They influence management practices and help shape the direction of Virgin Media O2 engineering and application security. This is a hands-on technical role that includes mentoring, guiding, and support of the whole digital organisation, in addition to helping develop better software engineers.

So that's what you'll get up to, but what about us?

Well, we're super proud of our history, helping communities to stay connected with oodles of top-notch products and services. We offer the full works – Broadband, TV, mobile and landline – equipping our customers out with the very latest tech.

But it's not just what we do, but why we do it that really matters.

Our mission is to become the most recommended brand, by our people and our customers. A massive part of that journey is about how we ensure that our brilliant people have a working environment in which they can truly belong and thrive. For us, it's absolutely critical that every single person can bring, and be, their whole selves at work and we're working hard every day to achieve this.

Tell me more, tell me more…

The role requires both breadth and depth of technical ability to own the manual assessment of all digital products, services and software released. The role holder specialises in digging deep to find security issues that static analysis tools or automated pen testing can’t and write the tooling to help with these goals. The Virgin Media O2 digital attack surface area is large and diverse, and we use results found in manual analysis to help improve our enterprise-wide automation to proactively spot and fix potential security issues to protect customers.

Further, the role holder will build relationships with the security research community, verify bug bounty reports, perform root cause analysis, and assess impacts to the organisation.

The must haves

  • Degree in computer science, security, or equivalent professional experience
  • Clear and demonstrable understanding of penetration testing and red teaming including NCSC and CREST accredited schemes, Offensive Security, Ethical Hacking or SANS certifications
  • Proven experience of successfully managing and delivering testing web/mobile application testing and source code security reviews, bug hunting, capture the flag (CTF) experience
  • Experience with cloud technologies security testing (compute, storage, functions, K8s, KMS, IAM, etc.), database, and web server design and implementation, web application security testing, network penetration testing, red teaming, security operations, or hunting
  • Professional experience with security engineering practices such as in web application security, network security, authentication and authorisation protocols, cryptography, automation, and other software security disciplines
  • Experience with using, administering, and troubleshooting at least two major flavours of Linux or Ubuntu, as well as experience with security assessment tools (Nessus, Metasploit, Burp Suite Pro, etc.), as well as open security testing standards and projects (OWASP, CWE and Mitre ATT&CK)

Other stuff we’re looking for

  • Experience with manually auditing source code or scripting and editing existing code and programming (using one or more of the following: Perl, Python, Ruby, bash, C/C++, C#, or Java) to find security issues

What’s in it for you?

We know that benefits mean so much more than the 'stuff' we can give you, so we offer a wide range of support, rewards and tools - all focused on helping you to prioritise what really matters.

All work and no play just isn't our style! We're already planning our future ways of working, for when life becomes a little more normal again. We're constantly evolving our approach to enable you to find a great work life balance.

We're also open to chatting about part time or adjusted working (so don't be worried to ask the question).

If you go on to be successful in your application, some of the many benefits you'll get are:

25 days annual leave, plus UK Bank Holidays.

A defined contribution pension scheme, run by Fidelity, matched up to 10%.

An annual bonus of up to 15%, based on company performance.

Access to wellbeing benefits such as the Unmind App, personal medical cover (which you can opt to upgrade to cover loved ones) and critical illness cover.

Your birthday off every year, to treat yourself.

The option to buy and sell up to 5 days annual leave, to suit your personal needs.

Next Steps

If you think you've got some amazing skills to offer us, and Virgin Media feels like a place where you can belong, we'd love to learn more about you. Once you've submitted an application the next steps of the process, if successful, are likely to include a call from the recruiter to discuss further.

When you apply, you'll be asked about any adjustments you might need to support the recruitment process. Let us know and we'll be sure to discuss it with you.

Thanks for your patience in the meantime and for showing an interest in joining the Virgin Media family.

Job Location

Explore more

Connect to better