Web and Mobile Application Penetration Tester

The world’s first online Cyber Security Consultancy service, which brings together experienced consultants and businesses in a new way.

Location: Remote (UK only, with occasional travel to client sites where appropriate)
Salary: Competitive and based on experience
Job Type: Full-time

This role is UK-based only, applicants must have full right to work in the UK. We are unable to provide visa sponsorship currently.

About Us
AVORD is expanding its offensive security team, and we’re looking for a passionate individual to grow our web and mobile application testing offering. As a growing team, this is an exciting opportunity to make a real impact, help shape our service offerings and contribute to the development of a dynamic offensive security practice.

AVORD operates as a remote-first company, offering flexibility in where you work while maintaining a collaborative team culture. Travel to client sites may be required when necessary if remote solutions are not possible.

Who We’re Looking For
We’re looking for web and mobile application penetration testers with a minimum of two years billable consulting experience. You will have the opportunity to play a hands-on role in delivering high-quality assessments, building tools, and shaping how we approach application security testing.

Role Overview
As a Web and Mobile Application Tester, your primary responsibility will be assessing the security of web and mobile platforms across a wide range of clients and industries. You’ll help identify vulnerabilities, advise on remediation, and contribute to internal development efforts aimed at enhancing our capabilities.

Key Responsibilities

  • Conduct penetration tests of web and mobile applications, identifying vulnerabilities and business logic issues.
  • Evaluate the security of authentication mechanisms, session management, APIs, and client-side implementations.
  • Perform dynamic and static testing of Android and iOS applications using industry-standard tools and techniques.
  • Create clear, well-structured reports for both technical and non-technical stakeholders.
  • Collaborate with peers to improve methodologies, toolkits, and reporting templates.
  • Stay abreast of the latest trends in application vulnerabilities, mobile platform updates, and offensive testing techniques.
  • Engage with clients to explain findings, suggest mitigations, and support secure development practices.

Essential Skills & Experience

  • Strong interest in offensive security, particularly application testing.
  • Solid understanding of OWASP Top 10 and mobile app security principles.
  • Competency with scripting (Python, Bash, or PowerShell) for automation or custom tooling.
  • Excellent communication and report-writing skills.
  • Self-motivated and comfortable in a remote-first, team-oriented environment.

Desirable Skills

  • Experience testing Android and iOS applications (manual and automated analysis).
  • Familiarity with mobile app reverse engineering, instrumentation, and hook-based testing.
  • Previous exposure to API testing and modern web frameworks (e.g. React, Angular, etc.).
  • Offensive certifications (e.g. OSCP, OSWE, OSWA, CPTS, OSEP).
  • Active participation on platforms like Hack The Box or TryHackMe.

Why Join AVORD?

  • Be part of a new, growing team where your ideas and contributions matter.
  • Work on diverse and challenging engagements across multiple sectors.
  • Help shape how web and mobile testing is delivered in a forward-thinking security consultancy.
  • Enjoy the flexibility of a remote-first culture with support for personal development and research.

How to Apply

If you’re passionate about penetration testing and want to be part of a team where you can truly make a difference, we’d love to hear from you.

Please provide your CV and a short cover letter

careers@avord.com

Copyright © All Rights Reserved