We’re Civica and we make software that helps deliver critical services for citizens all around the world. From local to state government, to education, to health and care, over 5,000 public bodies across the globe use our software to help provide critical services to over 100 million citizens.
Our aspiration is to be a GovTech champion everywhere we work around the globe, supporting the needs of citizens and those that serve them every day. Building on 21 years of continuous growth and success, we're at a pivotal point on our journey to realise that aspiration.
As a company, we’re passionate about what we do and the citizens we help to serve. If you too would like to help champion the use of technology in public services, to improve outcomes for citizens and public sector organisations, then Civica is the right place for you. We will help you unlock the best version of yourself, achieve growth in your career whilst making a real difference to people and communities.
Why will you love this opportunity as Penetration Tester at Civica?
Step into a lead role where your expertise drives high‑impact penetration testing projects across web applications, APIs, mobile platforms, and network infrastructure. You’ll work independently with confidence, applying frameworks like OWASP Top 10 and SANS/CWE Top 25 to uncover, exploit, and clearly document vulnerabilities that matter.
Take ownership of comprehensive security assessments by blending manual and automated techniques — from deep enumeration and exploitation to thorough follow‑up validation. Your skills will shape mobile security reviews on Android and iOS, as well as cloud security evaluations on AWS and Azure.
You’ll craft reports that don’t just highlight issues but tell a clear story — accessible to both technical teams and non‑experts, with actionable recommendations that drive real change. Collaboration is key: you’ll partner closely with development and infrastructure teams to ensure patches are applied, tested, and validated.
Most importantly, you’ll stay ahead of the curve — continuously sharpening your knowledge with the latest CVEs, attack methods, and cutting‑edge tools. This role isn’t just about testing systems; it’s about being a trusted guardian of Civica’s digital resilience.