Evelyn Partners is the UK’s leading integrated wealth management and professional services group. With £56 billion of assets under management (as of November 2021), we rank as the third largest UK wealth manager measured by revenues and the sixth largest professional services firm ranked by fee income (source: Accountancy Age 50+50 rankings, 2021).

We are driven by our purpose to place the power of good advice into more hands for both individuals and businesses. Our purpose is supported by our 3 core values:

Personal — we treat you as an individual

Partnership — we go further together

Performance — we strive for more


What will you be doing?

Evelyn Partners is looking for an experienced cybersecurity threat analyst & penetration testing professional with expertise in threat intelligence analysis, threat hunting, penetration testing and security engineering. The candidate must have a thorough understanding of and an ability to perform as a productive member of an Information Security organisation. The position will require the execution of day-to-day threat management and penetration testing activities and the enhancement of the overall effectiveness and efficiency of the cybersecurity capabilities across the Evelyn Partners Enterprise.

As Threat & Penetration Testing Analyst some of your responsibilities will include:

  • Threat lead for entire organisation, directly accountable for the development of high impact intelligence and modelling.
  • Subject matter expertise in web, mobile and network penetration testing with a record of accomplishment of end-to-end testing of complex systems.
  • Produce high quality standardised intelligence reports to a full range of stakeholders, from technical peers to senior executives, providing detailed analysis on cyber events.
  • Provide technical SMEs and business decision-makers with a strategic view of the threat, predicting shifts in adversarial intent, goals and strategic objectives.
  • Create and maintain detailed threat actor profiles on all relevant threat actors and groups within the threat area, mapping known TTPs to the MITRE ATT&CK framework.
  • Protect the organisation by performing technical research into advanced, targeted attacks, malware campaigns, malware and other emerging technologies that pose a risk to the organisation.
  • Digest intelligence leads from a wide range of intelligence sources including open source, hacker forums, peer exchange forums worldwide to give stakeholders a view of the current and future threat.
  • Review intelligence from multiple internal sources to determine threats to the organisation.
  • Ability to collect, analyse, and interpret qualitative and quantitative data from multiple sources and exercising critical thinking in assessing the threat
  • Establish, develop and own relationships with internal and external stakeholders, and provide briefings where needed.
  • Actively and positively engage and contribute to relevant sector Trust Groups, and the wider information security community.
  • Dig into newly identified malware to provide customers with the appropriate details to remediate and leverage the knowledge gained for future automation
  • Conducting elevated risk and sensitive ethical hacks of internally and externally hosted applications according to scope.
  • Co-ordinate and execute system/network level pen tests and ethical hacking exercises.
  • Pro-actively research and identify network and system vulnerabilities and provide recommended counter measures or controls to reduce risk to acceptable and manageable level.
  • Research new threats, attack vectors, and risks and evaluate them against TS&W’s blue team defenses.
  • Communicate via verbal and written communication to explain why the testing is important and what it means to the organisation.
  • Analyse reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs).
  • Develop and automate scripts, tools and resources needed to advance ethical hacking capabilities around new and emerging technologies like mobile, cloud and embedded systems.
  • Act as part of the incident response team where appropriate and provide operational cyber intelligence support during ongoing incidents.
  • Facilitate removal or remediation of vulnerabilities in collaboration with our broader engineering and operations teams.
  • Own and develop TS&Ws penetration testing program and toolkit.


To be successful in this role, you should meet the following requirements:

  • Degree or Bachelor's degree or equivalent self-guided study experience in Information Technology, Computer Science, System Administration, or Cyber Security
  • Certification in cybersecurity domains and pentesting is preferred, especially CREST, OSCP, CEH, CompTIA+, GIAC GREM, GDAT, GPEN, OSCE, CISSP, GCTI.
  • Comprehensive experience in penetration testing assessments (infrastructure / web app / mobile / networks)
  • Comprehensive experience in cloud environments (Azure/M365 preferably)
  • Extensive experience in the preparation and production of written intelligence reports and penetration testing reports.
  • Extensive knowledge of the OWASP Top 10 and CWE Top 25
  • System Administration Skills: (Network Protocols & Ports, OSI Layers, Network Segmentation techniques such as VLANs, Network Address Translation, Public & Private IP Addresses, Default Gateways, Subnet Masks, and IP Address assignment, DNS, Firewalls, IDS, Load Balancers, and Proxy Servers, Remote Access Methods such as VPNs, RDP, SSH, VNC, and Telnet)
  • Familiarity with Windows Enterprise Domain Administration: (Active Directory, Group Policy, PowerShell, Windows Server Update Service, and Domain Trusts)
  • Network Analysis: (Familiarity with Wireshark, Basic understanding of HTTP Headers & Methods, File extraction from PCAP)
  • Scripting/programming experience
  • OSCP, CREST or other industry recognised certifications.
  • Social engineering
  • Strong experience and understanding of intelligence processes: analytical methods, the intelligence cycle, intelligence collection plans, source and information evaluation etc.
  • Familiarity with structured analysis techniques for intrusion analysis e.g., Kill Chain, Diamond Model, MITRE ATT&CK.
  • Ability to identify Threat Actors TTPs, process large data sets to identify patterns and anomalies indicative of malicious activities.
  • Experience in Threat Hunting with tools such as Virus Total Intelligence, pDNS, Certificate Transparency logs, Shodan, Censys etc.
  • Signature development experience, such as with YARA, JA3, Snort, Sigma, EDR signals.
  • Robust technical investigative skills and expertise, such as an understanding of network protocols (particularly network layer, presentation layer and application layer).


As a colleague here at Evelyn Partners you will have access to benefits that include:

  • Competitive salary
  • Private medical insurance
  • Life assurance
  • Pension contribution
  • Hybrid working model (role dependent)
  • Generous holiday package
  • Option to purchase additional holiday
  • Shared parental leave

We value the differences that a diverse workforce brings, representative of our society and clients.  We are committed to providing a work environment where all colleagues, regardless of identity, background, or circumstance, feel respected as individuals and feel that they can achieve their full potential and work in a safe, supportive, and inclusive environment.

If you need any reasonable adjustments for your application process, please let your recruiter know.