Penetration Tester

About Ekco

Ekco is a security-focused managed service provider founded in 2016 and has grown rapidly into one of Europe’s leading cloud solution companies. The business helps IT teams improve efficiency, scale in a smarter way, and reduce risk with support from local specialists and a European delivery footprint.

The company supports organisations in advancing cloud maturity by guiding change, improving security, and helping them get more value from their technology investments. In practical terms, Ekco helps customers modernise safely, strengthen resilience, and secure systems in a fast-moving digital environment.

Ekco has a team of 1,000+ people across the UK, Ireland, Benelux, South Africa, and Malaysia, and continues to expand.

The organisation’s culture is shaped by four core values: taking ownership and delivering results, working collaboratively, building strong relationships, and staying curious with a mindset of continuous growth.

Role Overview

Ekco is seeking a capable and ambitious Penetration Tester to join its security consulting team. This hybrid position may involve client-site work depending on project needs. The role focuses on evaluating the security of applications, infrastructure, APIs, servers, and endpoints to uncover weaknesses that could be used by attackers.

A strong understanding of application security, penetration testing techniques, and current best practices is essential to help protect confidentiality, integrity, and availability across client environments.

Key Responsibilities

You will perform in-depth security assessments across a variety of environments, including web applications, thick client applications, infrastructure, cloud platforms, and APIs.

Testing may be carried out either remotely or on-site at client premises, depending on project requirements.

You will create, adapt, and run tailored test plans and methodologies for network and application-layer assessments, using recognised standards such as OWASP and NIST.

The role also includes reviewing system architecture and design to identify weaknesses and recommending practical ways to reduce risk.

You will work closely with clients and development teams to understand technical environments, support remediation, and promote secure coding practices.

Testing will involve both manual analysis and automated tools to identify security issues effectively.

Clear and detailed reporting will be a key part of the job, including documentation of vulnerabilities, business impact, and remediation guidance.

You will stay current with emerging threats, exploit techniques, and vulnerability trends, while advising clients on defensive measures.

Collaboration with other security specialists will be required to help customers apply secure development and deployment practices.

In addition, you may support incident response work, including investigations and remediation related to mobile application security incidents.

Requirements

Strong written and verbal communication skills are necessary, along with the ability to explain technical topics clearly to both technical and non-technical audiences.

A degree in Computer Science or Information Security is preferred, although equivalent experience in a related field is also acceptable.

Professional certifications such as OSCP, PNPT, CREST CPSA, CRT-accredited certifications, or SANS are highly desirable, as is experience in mobile apps, thick client assessments, Citrix, or secure code review.

You should have a proven background in penetration testing, with substantial experience in testing web and mobile applications, infrastructure, and APIs. At least 2 years of professional penetration testing experience is required.

A solid grasp of vulnerabilities, attack techniques, and security best practices and standards such as OWASP, NIST, and PTES is important.

Good understanding of application frameworks, system architecture, operating systems such as Windows and Unix, and related technologies is expected.

Hands-on mobile application testing experience across Android and iOS is highly desirable, including knowledge of app architecture, secure storage, authentication, and inter-app communication.

Experience using tools such as Burp Suite Professional, Nmap, Nessus, Metasploit, SoapUI, Postman, and ReadyAPI is required.

Programming or scripting ability in languages such as Python or Bash is an advantage, especially for automation and custom testing scripts.

You should be able to work independently as well as within a team, manage multiple assignments, meet deadlines, and consistently produce high-quality outcomes.

Benefits and Perks

Employees receive 25 days of annual leave plus public holidays.

An additional day off is provided for your birthday.

The role includes access to a company pension scheme.

Support is available through an Employee Assistance Programme for wellbeing.

EkcOlympics offers global team activity challenges.

You get unlimited access to Pluralsight for ongoing learning and development.

There are real opportunities for career growth, including international progression.

Why Ekco

Ekco has been recognised as Microsoft’s 2023 Rising Star Security Partner of the Year.

The company was the first Irish Microsoft MSP to achieve all four Microsoft Security Specializations.

It was also ranked 4th in the Deloitte Fast50 Awards among the fastest-growing technology companies.

Ekco promotes a culture built on diversity, equality, inclusion, and belonging.

The business supports internal mobility and long-term career development.

Flexible, family-friendly working is an important part of the company culture.

Ekco positions itself as a trusted security-first managed service provider helping IT leaders improve efficiency, scale effectively, and manage risk.