Principal Security Consultant

About ClaranetFounded at the beginning of the bubble in 1996, our CEO Charles Nasser had a light bulb moment to develop a truly customer-focused IT business. Since then, Claranet has grown from an Internet Service Provider (ISP) in the UK to being one of the leading business modernisation experts, who deliver solutions across 11+ countries.At Claranet, we’re experienced in implementing progressive technology solutions which help our customers solve their epic business challenges. We’re committed to understanding their problems, delivering answers quickly, and making a lasting impact to their business.We are agile, focused and experienced in business modernisation. Our approach helps customers make genuine, significant shifts in their business strategy, to deliver financial savings, boost innovation, and create a resilient business. We continually invest in our people and the latest technologies, so our customers get peace of mind knowing that they have access to the best talent and services.In the UK we have over 500 staff working in London, Gloucester, Warrington, Leeds or as homeworkers and 130 staff working for global projectsWorking For ClaranetHere at Claranet we pride ourselves on going the extra mile for and with our employees (yes, we really mean it). We offer an extensive benefits package that you can tailor to your needs, inclusive of a matching contribution pension scheme, healthcare, insurance, gym and other benefits.But what we think makes us different is ‘Team Claranet,’ our dedicated internal part of the business that supports you with matters close to your heart.Our VisionOur vision is to become the most trusted technology solutions partner; renowned for being the best and brightest, having lasting impact with our customers and delivering exceptional returns to our stakeholders.Position SummaryThe Principal Security Consultant is responsible for leading and delivering high-impact security training programs while supporting advanced penetration testing engagements. This role is primarily focused on building and delivering practical, hands-on training that enhances offensive security capabilities and secure development across client organizations.The successful candidate will be passionate about both offensive security and education—capable of not only discovering advanced attack paths but also clearly communicating them through engaging, developer-focused training. Strong client engagement skills are essential, including the ability to deliver strategic security guidance and build long-term relationships through high-quality consulting and training delivery.Our team is growing, and we are looking for individuals who can help us continue to build a world-class cyber security practice while contributing to the development of our training capabilities and technical excellence.Based in India, this role will lead penetration testing engagements and deliver training for global clients, working as part of an international team of security consultants who actively collaborate on research, tooling, and knowledge sharing.As a respected training provider and a leading contributor to Black Hat conferences, this role provides opportunities to design and deliver training to private clients, at industry events, and at international conferences.In addition to delivery, the consultant will play a key role in developing and evolving technical training content, including hands-on labs, vulnerable applications, demonstrations, and course materials aligned with modern attack techniques. The role also involves mentoring junior consultants, contributing to internal capability building, and helping shape the next generation of security testers and trainers within the organization.Candidates with experience delivering advanced hands-on training, presenting at industry events, or conducting technical workshops are strongly encouraged to apply.Objectives & Key ResultsThe Principal Security Consultant is a senior member of the Consultancy Team, acting as a trusted advisor, technical leader, and subject matter expert in cybersecurity, with a strong emphasis on delivering and scaling high-impact security training. The key objectives will be to:Deliver high-impact security training programs across private clients, public events, and industry conferences, with a focus on Web Security, DevSecOPS and Application Security enabling participants to effectively identify and remediate real-world vulnerabilitiesContinuously develop and enhance training content, labs, and vulnerable applications to reflect the latest offensive security techniques and emerging threats, including AI/LLMLead and execute advanced penetration testing engagements across web, mobile, API, secure code review to identifying complex attack paths and security weaknessesPerform secure code reviews, including SAST/DAST assessmentProvide clear, actionable, and risk-based security recommendations to clients, effectively communicating technical findings to both technical and non-technical stakeholdersBuild and maintain strong client relationships by acting as a trusted security advisor and delivering consistently high-quality consulting and training servicesMentor and develop junior consultants, contributing to internal capability building, knowledge sharing, and the growth of future trainers within the organizationEssential Roles & ResponsibilitiesDemonstrated ability to develop and deliver technical security training, including hands-on workshops and lab-based courses for enterprise customers or public audiencesExperience designing training content, including vulnerable applications, attack labs, demonstrations, and courseware based on real-world penetration testing scenariosWork individually or as a part of team delivering security assessments to NotSoSecure clients both remotely and onsitePerform web, infrastructure, mobile, AI/LLM penetration testing and secure code reviewsExploit vulnerabilities identified in client systems and communicate vulnerabilities to customersCreate assessment reports explaining technical and business risk of the vulnerabilities discovered including remediation recommendations for the clientsManage project related tasks as per communicated deadlinesKeep abreast with latest technology risks and utilise them in projectsParticipate in project conference calls and lead the technical content on those callsKey Skills & RequirementsExtensive experience in Information Security with strong expertise in penetration testing and application securityEstablished in designing and delivering technical security training for security professionals, developers or DevSecOpsProven ability to build structured training programs, including hands-on labs, vulnerable applications, and real-world attack simulationsDemonstrated ability to create structured training programs, including hands-on labs, vulnerable applications, and real-world attack scenariosStrong ability to simplify and communicate complex security concepts and vulnerabilities to technical and non-technical audiencesHands-on expertise in web, API, mobile, and AI/LLM penetration testing, with the ability to demonstrate real-world exploitation techniques during trainingExperience performing secure code reviews and translating findings into developer-focused remediation guidanceSolid understanding of modern application architectures, secure SDLC practices, and DevSecOps principlesProficiency with security testing tools such as Burp Suite Pro, Kali Linux, SQLMap, Nessus, and similar toolsets, with the ability to incorporate them into training deliveryStrong scripting or programming skills (e.g., Python, JavaScript, Bash, Java, .NET) to build training labs, automation, or demonstrationsExcellent presentation, facilitation, and communication skills, with confidence in delivering training to large and diverse audiencesPassion for continuous learning and contributing to the security community through research, content creation, or conference presentationsHigh ethical standards and professionalism in handling client engagements and training deliveryWillingness and ability to travel for delivering training sessions, workshops, and conferences (as required)

Apply Now