Pentration Tester

Occasional travel within the NY/NE area may be required Home-based with occasional travel to site required

Job Purpose

• 3+ years experience hands on pentesting, OSCP or equivalent, based in the NY/NE region.
• As a Senior Penetration Tester within the Global Security Operations Penetration Testing team at National Grid, you will deliver high quality penetration testing across a broad range of technologies. This is a generalist role, with a primary focus on web application, and infrastructure testing, alongside cloud, API, and supporting platforms within both Enterprise and OT environments.
• You will be responsible for executing the full penetration testing lifecycle, providing clear and actionable security findings, and working closely with Security Architects and technology teams to reduce risk. The role includes opportunities to test business critical and critical infrastructure systems, contributing directly to the resilience and security of essential services.
• The pentest work will be remotely performed where possible, however, there may be the requirement to perform onsite testing within the NY/NE region.

Key Accountabilities

• Plan, scope, and deliver penetration testing engagements across all domains including, web applications, internal and external infrastructure, cloud, and APIs.
• Produce high-quality, professional, and objective penetration test reports that drive remediation.
• Ability to communicate effectively to both technical and non technical stakeholders.
• Collaborate with application, infrastructure, cloud, and security teams to support effective remediation.
• Contribute to the continuous improvement of penetration testing methodologies, tooling, and reporting standards.
• Provide guidance to junior testers where required.

Desirable Experience:

• You are an experienced penetration tester (Minimum of 3+ years of hands on penetration testing experience) with a strong technical foundation and the ability to work across multiple testing domains. You are comfortable operating independently while contributing effectively within a collaborative security team.
• Experience delivering the full lifecycle of a penetration test engagement from scoping to retesting within both Enterprise and OT environments.
• Solid understanding of common vulnerability classes, attack paths, and exploitation techniques across web, cloud and infrastructure.
• Certifications aligned to the role (e.g., OSCP, OSCE3/OSEP/OSWE/OSED, GIAC GPEN/GWAPT/GXPN, CISSP/CCSP), or equivalent demonstrable expertise.
• Active participation in the security community demonstrated through conference talks, published research, CVE(s) or advisories, open-source contributions, or recognised technical writing.