Cybersecurity Penetration Tester
Join a team where red teaming meets real impact – safeguarding defence platforms that shape national security. This role is Remote with UK-wide regular on-site client visits (approximately 50% monthly travel for on-site pen testing).
Key Responsibilities And Tasks
* Lead end‑to‑end penetration testing across networks, applications, cloud infrastructures, and embedded systems – delivering actionable insights that strengthen mission‑critical environments.
* Drive advanced vulnerability assessments and exploit development, executing post‑exploitation activities within authorised scopes to uncover hidden risks and resilience gaps.
* Orchestrate red and purple team engagements, simulating sophisticated threat scenarios against defence systems to rigorously test and enhance security posture.
* Produce high‑impact technical reports and executive briefings, translating complex findings into clear risk narratives, business impact assessments, and prioritised remediation strategies.
* Partner with defensive operations and risk management teams to sharpen detection, accelerate response, and embed proactive resilience across the enterprise.
* Maintain expert knowledge of tactics, techniques, and procedures (TTPs) employed by state and non‑state actors in the defence sector.
* Advance security testing methodologies and tooling, contributing to innovative threat‑modelling approaches tailored for complex, high‑assurance environments.
* Champion compliance and assurance by aligning practices with MOD, NCSC, and international standards (JSP 440, ISO 27001, NIST, CHECK, CREST), ensuring robust governance and trust.
About You
At Thales, we are committed to equal opportunities and welcome all talented individuals to consider joining our team. Even if you don’t match every statement below but feel you have some of the experience, knowledge or skills needed for this role, we encourage you to apply.
Essential
* Degree in Computing, Cybersecurity, or a related field – or equivalent professional experience.
* CHECK Team Leader accreditation currently held.
* Demonstrated track record as a Penetration Tester, Red Team Operator, or equivalent offensive security specialist.
* Proven ability to manage small technical teams, demonstrating strong people skills, mentorship, and collaborative leadership.
* Deep expertise in network protocols, application security, operating systems, and cloud platforms across both IT and OT environments.
* Hands‑on proficiency with industry‑standard tools including Burp Suite, Metasploit, Cobalt Strike, Nmap, Nessus, plus custom scripting in Python, PowerShell, and Bash.
* Proven experience conducting penetration tests across diverse systems: Windows, Linux, Android, iOS, Web Applications, and Cloud infrastructures.
* Familiarity with defence and government environments, including secure handling of classified information.
* Exceptional written and verbal communication skills, able to translate complex technical findings into clear, actionable insights.
* SC or DV clearance (mandatory for project delivery), either currently held or with eligibility to obtain it.
Desirable
* Recognised certifications such as CREST (CPSA, CRT, CCT INF, CCT APP, CCRTS, CCRTM), CHECK Team Member/Leader, OSCP, OSCE3, CEH, or GIAC (GPEN, GWAPT, GRTP, GXPN).
* Exposure to ICS/SCADA, RF systems, or military‑grade communication networks.
* Strong grasp of Threat Intelligence, MITRE ATT&CK framework, and adversary emulation techniques.
* Previous involvement in projects supporting the MOD, defence primes, or critical national infrastructure (CNI).
* Domain expertise across Defence, Nuclear, Government, Aerospace, CNI, and Transport sectors.
What We Offer You
* Competitive salary and benefits package designed to support employee wellbeing and professional growth.
* Annual bonus (VCP).
* Pension match up to 7 % of annual base salary.
* Life Assurance 2 × base salary minimum (8 × salary if part of the pension scheme).
* Income Protection 50 % of salary less state benefits for 5 years.
* Annual leave 201 hours, bank holidays, plus 1 company day.
* Private Medical Insurance – Couples cover.
* Half‑day every Friday, usually finishing around 1:00 pm.
* 24/7 Employee Assistance Programme.
* 24 hours paid leave for volunteering activities.
* Access to flexible benefits and discounts (dental insurance, buying & selling annual leave, cycle‑to‑work, and many more).
Security Clearance & Eligibility
This role requires you to be a UK National and achieve Security Clearance (SC) without any caveats. If you do not currently hold SC, you must undergo, achieve, and maintain SC Clearance prior to commencing employment. Dual nationality from a non‑ITAR country may be considered if approved by the MOD.
Equal Opportunity & Inclusive Recruitment
Thales UK is committed to providing an inclusive and barrier‑free recruitment process. We will provide reasonable adjustments and support to ensure neuro‑diverse applicants or those with a disability or long‑term condition can be their best during the recruitment process. If you need this job advert in an alternative format or have any questions about the recruitment process, please contact the appropriate team.