Cybersecurity Penetration Tester

Cybersecurity Penetration Tester

Location:

Remote (with UK-wide regular on‑site client visits; approximately 50% monthly travel for on‑site pen testing)

• Safeguard UK Defence systems through advanced penetration testing and red teaming on critical military platforms
• Tackle complex threat simulations and exploit development across IT, OT, cloud, and embedded environments
• Use cutting‑edge tools with funded training and certifications (CHECK, CREST, OSCP, GIAC)
• A developmental role where you’ll put your own stamp on future capability

We are seeking a security‑cleared Penetration Tester to join our dynamic Cyber Security team, working at the forefront of UK Defence and national security. In this role, you’ll take on advanced security testing, vulnerability assessments, and red team exercises across both classified and unclassified environments – directly strengthening the resilience of mission‑critical networks and applications.

This position offers the opportunity to apply your expertise in offensive security methodologies, secure system design, and the unique challenges of defence environments. While prior defence experience is highly valued, we also welcome applications from seasoned red team specialists and offensive security professionals from sectors such as utilities, nuclear, and automotive, who bring transferable skills and fresh perspectives to our mission.

• Annual bonus (VCP)
• Pension – match like‑for‑like up to 7% of annual base salary
• Life Assurance – 2 x base salary minimum (8 x salary if part of the pension scheme)
• Income Protection – 50% of salary less state benefits for 5 years
• Annual Leave – 201 hours, bank holidays, plus 1 company day
• Private Medical Insurance – Couples cover
• Half day every Friday, usually finishing around 1:00pm
• 24/7 Employee Assistance Programme
• 24 hours paid leave for volunteering activities
• Access to flexible benefits and discounts – dental insurance, buying & selling annual leave, cycle to work, and many more

• Lead end‑to‑end penetration testing across networks, applications, cloud infrastructures, and embedded systems – delivering actionable insights that strengthen mission‑critical environments
• Drive advanced vulnerability assessments and exploit development, executing post‑exploitation activities within authorised scopes to uncover hidden risks and resilience gaps
• Orchestrate red and purple team engagements, simulating sophisticated threat scenarios against defence systems to rigorously test and enhance security posture
• Produce high‑impact technical reports and executive briefings, translating complex findings into clear risk narratives, business impact assessments, and prioritised remediation strategies
• Partner with defensive operations and risk management teams to sharpen detection, accelerate response, and embed proactive resilience across the enterprise
• Stay ahead of adversaries by maintaining expert knowledge of tactics, techniques, and procedures (TTPs) employed by state and non‑state actors in the defence sector
• Advance security testing methodologies and tooling, contributing to innovative threat modelling approaches tailored for complex, high‑assurance environments
• Champion compliance and assurance by aligning practices with MOD, NCSC, and international standards (JSP 440, ISO 27001, NIST, CHECK, CREST), ensuring robust governance and trust

At Thales, we are committed to equal opportunities and welcome all talented individuals to consider joining our team. So even if you don't match every statement below but feel you have some of the experience, knowledge or skills needed for this role, we encourage you to apply. It will take all of us working together to deliver solutions to the world’s most critical challenges.

• Degree in Computing, Cybersecurity, or a related field – or equivalent professional experience in lieu of formal tertiary studies
• CHECK Team Leader accreditation currently held
• Demonstrated track record as a Penetration Tester, Red Team Operator, or equivalent offensive security specialist
• Proven ability to manage small technical teams, demonstrating strong people skills, mentorship,…