Your entry point to a successful penetration testing career

Do you want a job in cyber security but don’t know how to break into the industry? Tired of seeing “junior” positions that require years of industry experience?

Each year we run an “Accelerator Program” which is designed for career changers, graduates and plenty more besides, who wish to get a head start in the cyber security industry. After months of bespoke training that will expand your technical capabilities, and develop your consultancy skills, you’ll start to get involved in delivery and be on your way towards a long and fruitful career with LRQA Nettitude. This is a full-time position which demands a lot from only the best, brightest and most motivated.

It is designed with offensive security in mind, although watch this space for a new Blue Team program that we are working on! Below are some, but not all, of the activities the training will involve:

  • Consultancy training – Scenario-based role play training
  • Basics of web development
  • Web application penetration testing
  • External infrastructure penetration testing
  • Internal infrastructure penetration testing
  • Dedicated time to obtain an industry certification (e.g. OSCP)
  • Guided real-life penetration tests with our senior testers

Who is this designed for?

Our Accelerator Program is designed with the following in mind:

  • It’s for graduates, career changers and anyone else who is looking to enter the offensive side of the cyber security industry.  No professional penetration testing experience required!
  • We select individuals based on a number of data points that favour strong aptitude and a credible interest in the industry.
  • Individuals who can demonstrate credible interest often have one or more of the following.  This is not an exhaustive list, nor is every feature mandatory:
    • have completed a degree, course or certification in something cyber security related.
    • have written a blog related to cyber security
    • can demonstrate motivation and self-development, perhaps through a home lab setup with vulnerable machines, having competed in CTFs, or similar
    • belong to a security focused group, e.g. at university, or in the wider industry (e.g. OWASP chapter participation, etc.)
    • have attended or contributed to community conferences in some way
    • contribute to software projects, potentially including their own small projects
    • …and many other examples of credible interest!

How To Apply

To apply, you need to:

  • Submit your CV and cover letter.
  • Complete our Capture the Flag exercise.
  • Send us a written file outlining how you managed to capture the flag.

Once you have applied through the Capture the Flag exercise, your application will be reviewed within a week. If your application is successful, we will schedule an interview with you at the next available date.

The Capture the Flag exercise will require out-of-the-box thinking and problem-solving skills to capture the flag. You will encounter a mixture of disciplines and may need to do some research. We will not only be looking for the flags you capture but also the challenges you had to overcome in your written analysis. More details on the rules and conditions for the Capture the Flag exercise can be found here . Good luck, and enjoy!

Please sign up for an account on our LRQA Nettitude Accelerator Program Capture the Flag site

Applicants from the UK – Register here

Applicants from Greece – Register here 

For all flags corresponding to VM-based challenges, you need to submit a written file as well. This will be a text file containing a brief description of how you managed to capture the flag. Non-VM-based challenges do not require a written analysis.

You can submit a written analysis even if you didn’t capture the flag; we appreciate the thought process, not just reaching the destination and capturing the flag. While we encourage people to attempt all the challenges we offer, completion of all challenges is not required to be considered for the program. Two well-written analyses would be enough to apply and be considered for the role.

Rules of Engagement

All rules are specified on our CTF system; you must read and abide by the rules of engagement.

The website and all associated infrastructure (e.g., CTF registration server, etc.) are strictly out of scope. The system clearly states what is in scope.

If you encounter any issues, please contact an admin at .

We will be reviewing candidates’ submissions weekly and will contact those who are successful via e-mail to arrange a telephone interview.