This is the biggest challenge of them all finding a company who will take you on, especially if you are a junior penetration tester. The fact is most companies don’t want to take you on as a junior because they cannot make no money from you until you are trained up. This is where you have to really work hard and try to make improvements to yourself to make sure you’re a better asset to a company. There are a number of ways you can do this depending on your situation, the quickest way is to do as many certificates as you can but this comes at a heavy price. The other way is to get involved within the security community you’ll be surprised how small it is and everyone knows everyone else.
Networking is a good way to get involved in the community this way you get to meet professionals who work within the industry this way you can make contacts who will keep you in mind for jobs. The best way to network is by going to security events, there are many throughout the year like 44Con,BCS Events as well as many more around the UK. If you are not on linkedin I recommend joining up as its a good way to manage your new contacts (Feel Free to add me).
If you can code then writing a good security tool is another good way to get your name out into the industry and it looks really good on a CV.
Trying to get experience is one of the hardest things to do as you can’t get a job without experience but no one wants to give you a job to try and get that experience (catch 22) If you have no experience my only advice is to try and work on some security certificates. If a company can see you putting your own money into your development they may think you are worth hiring.
Another thing you could try would be build a website with lots of security problems like XSS, SQL Injections and Information leakage as well as lots of other issues you can have with web apps(OWASP TOP 10). Then do a full Penetration test of the site writing a report on your findings. Then fix any issues that you find this will not only give you some experience but also a report that you can send to companies or leave with them at the interview.(I have a template that can be used, feel free to contact me)
BCS Recruit page sometimes has security jobs on it.
www.trustwave.com London Main Office
www.sapphire.net Stokton on Tees | London
www.uk.secdata.com Maidstone, Kent
www.nta-monitor.com Rochester, Kent
www.bii-compliance.com Maidstone, Kent
www.firstbase.co.uk West Sussex
www.nccgroup.com Manchester Main Office
www.pwc.co.uk London Main Office
www.sec-1.com – Leeds
www.firstdefenceis.com – Yorkshire
www.ioactive.com - London
www.contextis.com – London
www.redrockconsulting.co.uk – Bristol
www.hp.com - London,Manchester
ww.caretower.com- London, South Africa, Bulgaria
www.7safe.com/- London, Cambridge
ww.commissum.com- London, Edinburgh, Zurich
www.gss.co.uk/- Edinburgh, West Sussex, Berkshire, Godalming
www.gdssecurity.com- London, New York
www.secforce.com- London, South Africa
www.integralis.com- London, Reading, Manchester, Leeds,
www.sapphire.net London, Scotland and Darlington
www.crest-approved.org Council of Registered Ethical Security Testers
www.instisp.org The Institute of Information Security Professioanl
www.tigerscheme.org The TIGER Scheme provides a means of independently certifying the skills of vulnerability test
If you would like you company added please contact me.