About easyJet
easyJet is a FTSE-listed, multi‑billion‑pound low‑cost airline that serves tens of millions of customers each year and operates a network of over 1,200 routes across 38 European countries.
Role Overview
As a Digital Safety Penetration Tester you will perform hands‑on ethical hacking engagements across a diverse range of applications, APIs, infrastructure, and cloud environments, from planning through to reporting and remediation support.
Key Responsibilities
- Plan and execute penetration tests for web and mobile applications, APIs, corporate networks, and cloud platforms including AWS, Azure, and Google Cloud.
- Identify and safely exploit vulnerabilities using a range of testing tools, techniques, and manual methods.
- Produce detailed technical reports and clear executive summaries with practical remediation guidance.
- Work closely with developers, product owners, and security teams to support remediation and re‑testing activities.
- Support security assurance activities linked to audits, compliance requirements, and risk management.
- Contribute to process improvements, testing methodologies, automation initiatives, and service enhancements.
- Stay up to date with emerging threats, vulnerabilities, and security research and share insights with the wider team.
- Collaborate with internal stakeholders and external security testing partners.
Required Qualifications
- Experience of, or strong practical exposure to, penetration testing.
- Knowledge of common attack techniques such as SQL injection, cross‑site scripting, and privilege escalation.
- Understanding of web technologies, APIs, networking fundamentals, and operating system security basics.
- Familiarity with industry‑standard penetration testing tools, frameworks, and methodologies including OWASP Top 10.
- Ability to clearly communicate technical findings to both technical and non‑technical audiences.
- Strong analytical skills, attention to detail, and a proactive approach to problem solving.
- Collaborative mindset with the ability to manage tasks independently and work effectively across teams.
- Passion for continuous learning and keeping up to date with the evolving cyber threat landscape.
Nice to Have
- Certifications such as CREST CRT, OSCP, eJPT, or similar.
- Experience with cloud security, DevOps environments, or CI/CD pipelines.
- Scripting or automation skills in Python, PowerShell, or Bash.
- Knowledge of security standards or frameworks such as ISO 27001, PCI DSS, or NIST.
- Experience contributing to process improvements, tooling enhancements, or service development initiatives.
Benefits
- Competitive base salary.
- Up to 20% bonus.
- 25 days holiday plus bank holidays.
- BAYE, SAYE and performance share schemes.
- 7% pension contribution.
- Life assurance.
- Flexible benefits package.
- Excellent staff travel benefits.
Practicalities
This is a full‑time position with support for hybrid working and on‑site time at our Luton HQ.
Reasonable Adjustments
We are committed to providing reasonable adjustments throughout the recruitment process to ensure accessibility and accommodation. If you require specific adjustments or support, please contact .