Be an Early Applicant
At ACE Money Transfer, our mission and culture serve as the foundation of our operations and the driving force behind.
The Role
Plan and execute PTES-aligned adversarial simulations and penetration tests across web, network, cloud, M365 and identity environments. Identify and exploit weaknesses (OWASP, AD attack paths, cloud IAM), produce CVSS-scored reports, validate remediation, run phishing/social engineering campaigns, collaborate with Blue Team/SIEM, and mentor Red Team interns.
Summary Generated by Built In
About Us:
ACE Money Transfer is a UK-based company headquartered in Manchester, United Kingdom. The company is an online remittance service provider for customers in the UK, Canada, Australia, and the European Union, including Switzerland. The company is a parent company in a group of companies with a diversified portfolio, including digital wallet services in the UK and real estate, advertising businesses, and software solutions in Pakistan.
ROLE OVERVIEW
Responsible for conducting structured adversarial simulations and technical penetration tests across ACE Money Transfer's application, infrastructure, cloud, and identity environments. Operating under a PTES-aligned methodology, the role identifies security weaknesses before threat actors can exploit them and produces high-quality findings that directly inform ACE's remediation priorities and security roadmap.
KEY RESPONSIBILITIES
REQUIRED SKILLS & EXPERIENCE:
DESIRABLE
ACE Money Transfer is a UK-based company headquartered in Manchester, United Kingdom. The company is an online remittance service provider for customers in the UK, Canada, Australia, and the European Union, including Switzerland. The company is a parent company in a group of companies with a diversified portfolio, including digital wallet services in the UK and real estate, advertising businesses, and software solutions in Pakistan.
ROLE OVERVIEW
Responsible for conducting structured adversarial simulations and technical penetration tests across ACE Money Transfer's application, infrastructure, cloud, and identity environments. Operating under a PTES-aligned methodology, the role identifies security weaknesses before threat actors can exploit them and produces high-quality findings that directly inform ACE's remediation priorities and security roadmap.
KEY RESPONSIBILITIES
- Plan and execute penetration tests across web applications, internal/external infrastructure, cloud (cloud platform), M365, and identity (Identity platform) environments
- Conduct adversarial simulations following the PTES methodology: Pre-Engagement, OSINT, Threat Modelling, Exploitation, Post-Exploitation, and Reporting
- Perform application security testing covering OWASP Top 10, business logic abuse, API security, and authentication/authorisation bypass
- Execute network-layer assessments: port scanning, service enumeration, lateral movement, privilege escalation, and credential harvesting
- Conduct cloud security assessments targeting cloud platform IAM misconfiguration, S3 exposure, Lambda abuse, and cross-account pivot scenarios
- Perform phishing simulations and social engineering exercises as part of approved red team campaigns
- Produce CVSS-scored penetration test reports with executive summaries, finding narratives, proof-of-concept evidence, and prioritised remediation guidance
- Validate remediation of previously identified findings through structured retest engagements
- Collaborate with the Blue Team and SIEM/Detection Engineer to improve detection coverage based on red team TTPs
- Mentor Red Team interns: set scoped exercises, review deliverables, and provide structured technical feedback
REQUIRED SKILLS & EXPERIENCE:
- 2 to 3 years of hands-on penetration testing across web application, network, and/or cloud environments
- Proficiency in offensive tooling: web application testing tool, exploitation framework, network scanner, vulnerability scanner, AD enumeration tool, network protocol toolkit, or equivalents
- Strong understanding of OWASP Top 10, CWE classifications, and CVSS scoring
- Experience with Active Directory / Identity platform attack paths , Kerberoasting, Pass-the-Hash, Golden Ticket
- Ability to write or adapt exploit code in Python, Bash, or PowerShell
- Experience producing professional pentest reports for both technical and executive audiences
- One or more certifications: OSCP, CRTO, CPTS, CEH (Practical), or eWPT
DESIRABLE
- Cloud penetration testing experience cloud platform IAM privilege escalation and misconfig exploitation
- Familiarity with C2 frameworks: C2 framework, C2 framework, or C2 framework
- Experience with assumed breach or purple team exercises with active Blue Team collaboration
- Familiarity with TIBER-EU or threat-intelligence-led red team frameworks
- Knowledge of DORA or PCI DSS v4.0.1 as applied to security testing scope
Skills Required
- 2 to 3 years of hands-on penetration testing across web application, network, and/or cloud environments
- Proficiency in offensive tooling: web application testing tools, exploitation frameworks, network scanners, vulnerability scanners, AD enumeration tools, network protocol toolkits
- Strong understanding of OWASP Top 10, CWE classifications, and CVSS scoring
- Experience with Active Directory / Identity platform attack paths including Kerberoasting, Pass-the-Hash, Golden Ticket
- Ability to write or adapt exploit code in Python, Bash, or PowerShell
- Experience producing professional pentest reports for both technical and executive audiences
- One or more certifications: OSCP, CRTO, CPTS, CEH (Practical), or eWPT
- Cloud penetration testing experience (cloud platform IAM privilege escalation and misconfiguration exploitation)
- Familiarity with C2 frameworks
- Experience with assumed breach or purple team exercises and Blue Team collaboration
- Familiarity with TIBER-EU or threat-intelligence-led red team frameworks
- Knowledge of DORA or PCI DSS v4.0.1 as applied to security testing scope
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
ACE Money Transfer is a global leader in providing seamless, secure, and efficient international remittance services. Established with a mission to connect families and empower individuals, we specialize in enabling people to send money to their loved ones across the globe, quickly and reliably.
Why Work With Us
At ACE Money Transfer, we don’t just offer jobs; we provide a platform for growth, purpose, and impact. Our company stands out because of its innovative approach, global reach, and commitment to both our customers and employees.
Gallery






