Lead Security Consultant

Job Title - Lead Security Consultant (CHECK Team Leader)Reporting To - CTOLocation - United Kingdom (Remote with occasional travel to client sites and company offices)Security ClearanceCurrent Security Check (SC) clearance as a minimum.Eligibility and willingness to obtain or maintain higher levels of UK Government security clearance if required.Must meet all requirements for working on UK Government and Critical National Infrastructure engagements., Technical LeadershipLead and deliver complex penetration testing engagementsAct as the senior technical authority for penetration testing engagements.Provide technical guidance and support to penetration testers and security consultants.Ensure testing methodologies align with:NCSC CHECK requirementsCREST standardsOWASP Testing GuideReview and validate findings to ensure technical accuracy and consistency.Perform peer reviews and quality assurance of technical reports.Lead technical investigations and exploitation activities where advanced expertise is required.Assist in developing new service offerings and offensive security capabilities.
Team ManagementManage and develop a team of penetration testers and security consultants.Conduct regular one-to-one meetings and performance reviews.Support recruitment activities, including:CV reviewsTechnical interviewsAssessment exercisesCreate and manage personal development plans for team members.Identify training requirements and support professional certification pathways.Mentor junior and mid-level consultants.Foster a collaborative and high-performance team culture.Support succession planning and capability development within the team.
Client EngagementAct as a trusted technical advisor to clients.Participate in client scoping discussions and pre-sales engagements.Support sales teams with:Technical proposalsStatements of WorkEffort estimationsSolution designPresent findings to both technical and non-technical stakeholders.Deliver remediation workshops and technical debrief sessions.Build long-term client relationships through exceptional service delivery.
Governance & ComplianceEnsure adherence to:NCSC CHECK standardsCREST Codes of ConductCompany policies and proceduresInformation security requirementsGDPR and data protection regulationsSupport audit and accreditation activities.Maintain accurate project documentation and testing records.Ensure testing activities are conducted safely, ethically, and within agreed scopes.

Essential Skills & ExperienceTechnical ExperienceMinimum 5+ years of penetration testing experience.Demonstrable experience leading complex penetration testing engagements.Strong expertise in:Web application securityNetwork penetration testingActive Directory security assessmentsCloud security testing (Azure and/or AWS)Vulnerability research and exploitationStrong understanding of IT environments including Cloud:Experience using industry-standard tools.
Leadership ExperiencePrevious line management experience.Experience leading and mentoring technical teams.Demonstrated ability to manage multiple concurrent projects.Experience in performance management and staff development.Strong stakeholder management skills.
Essential Qualifications & CertificationsCandidates must hold one or more of the following:MandatoryNCSC CHECK Team Leader (CTL) status or demonstrable eligibility to obtain CTL.Current UK Security Clearance (SC) or ability to obtain and maintain clearance.
Personal AttributesStrong leadership and mentoring capabilities.Excellent written and verbal communication skills.Ability to explain technical concepts to non-technical audiences.Commercial awareness and client-focused mindset.High attention to detail.Strong analytical and problem-solving abilities.Ability to work independently and make informed decisions.Professional, ethical, and trustworthy.Passionate about developing others and advancing offensive security capabilities.
Key Performance Indicators (KPIs)Delivery quality and client satisfaction scores.Utilisation and billable performance of the team.Report quality and peer review outcomes.Team retention and engagement.Certification and development progress within the team.Successful delivery of CHECK and CREST-aligned engagements.Contribution to service development and technical innovation.Revenue and profitability targets associated with managed engagements.

We are Citation Cyber - we provide accessible and dynamic cyber security services that extend beyond technology to encompass people, culture, processes, and even the physical environment of businesses. We combine knowledge and integrity to protect data, assets, and intellectual property against cybercrime. Our team of certified ethical hackers, qualified consultants, and expert trainers offer end-to-end cyber security services to make businesses as resilient as possible against cyber-attacks.
Citation Cyber forms part of Citation Group. We are The Citation Group - Citation Group is a collective of businesses dedicated to supporting small and medium-sized enterprises across a range of essential services. We know that running a business means juggling a lot. Our mission is to ease these pressures by providing expertise, guidance, and solutions that enable business leaders to focus on what they do best. From HR and Health & Safety to Cybersecurity, E-Learning, and ISO compliance, we've got you covered.
Citation has achieved strong growth through a combination of organic expansion and strategic acquisitions, continually broadening our expertise, services, and reach to create a one-stop shop that supports businesses across the UK, Canada and Australia.
Role PurposeThe Lead Penetration Tester will provide technical leadership across penetration testing engagements while managing a team of security consultants and penetration testers. The role combines hands-on offensive security expertise with people management responsibilities, ensuring the delivery of high-quality testing services in line with NCSC CHECK standards, CREST methodologies, and company quality requirements.The successful candidate will hold (or be eligible to hold) NCSC CHECK Team Leader (CTL) status and will be responsible for overseeing the planning, execution, quality assurance, and delivery of penetration testing services across a diverse client portfolio.The role will also support the growth and development of the technical team through mentoring, coaching, performance management, and capability development initiatives.

Package ExpectationsCompetitive salary depending on experience and CTL status.Pension contribution.Private healthcare.Professional certification funding.Dedicated training budget.Flexible and hybrid working arrangements.Paid attendance at industry conferences and events.