Cleared Cybersecurity Jobs UK 2026: Working with NCSC and GCHQ

The Short Answer

Cleared cybersecurity jobs in the UK are roles requiring formal HM Government security clearance — typically Security Check (SC), Developed Vetting (DV) or enhanced DV (eDV) — and they sit across the National Cyber Security Centre (NCSC), GCHQ, the Ministry of Defence, Dstl, and the major cleared contractors such as BAE Systems Digital Intelligence, QinetiQ, Roke, Leidos UK, CGI UK, Capgemini, Sopra Steria, Atos and Thales UK. In 2026 we are seeing SC-cleared SOC analysts paid £55,000–£80,000, SC-cleared penetration testers at £75,000–£120,000, and DV-cleared mid-to-senior specialists earning £100,000–£160,000, with eDV contractor day rates frequently sitting between £700 and £1,400. Clearance is administered by United Kingdom Security Vetting (UKSV) and is always sponsored by a cleared employer — you cannot apply for it independently. Most demand is concentrated around Cheltenham, Bristol, London, Farnborough and Salisbury.

What Counts as a "Cleared" Cybersecurity Role in the UK?

A cleared cybersecurity role is any cyber position that requires the post-holder to hold an active HMG personnel security clearance before they can access the systems, networks, sites or intelligence the job concerns. In practice this means roles working on, or adjacent to, government, defence, intelligence, critical national infrastructure and certain cleared commercial programmes.

Common cleared cyber roles in 2026 include Cleared SOC Analyst, Cyber Threat Intelligence Analyst, Penetration Tester (often CHECK Team Leader or CREST-certified), Reverse Engineer and Malware Analyst, OT/ICS Security Engineer, Cyber Architect on defence programmes, and Incident Response Lead. The same job title can sit at different clearance tiers depending on what data the role touches: an SC-cleared SOC analyst at a defence prime and a DV-cleared SOC analyst inside an intelligence-grade environment do broadly similar work, but they are not interchangeable hires.

Clearance is not a qualification you carry forever in the abstract. It is sponsored by an employer for a specific role, can lapse, and is generally re-checked on a rolling basis. That has hiring implications: candidates who already hold current SC or DV through a sponsor tend to be shortlisted faster, because the employer avoids a multi-month clearance wait.

Which UK Employers Hire Cleared Cyber Staff?

The cleared cyber market in the UK is dominated by a relatively small number of organisations. On the government side the headline employers are GCHQ in Cheltenham, the NCSC (which is part of GCHQ but operates a distinct hiring brand), the Ministry of Defence Cyber and Specialist Operations teams, the Defence Science and Technology Laboratory (Dstl) at Porton Down near Salisbury, and AWE at Aldermaston. The Civil Service Cyber Fast Stream and direct-entry NCSC technical routes also sit here.

On the contractor and prime side, BAE Systems Digital Intelligence (formerly Detica/Applied Intelligence), QinetiQ in Farnborough, Roke in Romsey, Frazer-Nash, Thales UK and Leidos UK are the most consistent recruiters of cleared cyber staff. The big systems integrators — CGI UK, Capgemini UK Public Sector, Atos Defence and Sopra Steria UK — run substantial cleared cyber practices supporting central government, defence and the Home Office. NCC Group sits slightly to one side: it is a commercial cyber consultancy but holds a meaningful share of CHECK and CREST cleared pen testing work for UK government.

Below the headline names, a longer tail of specialist SMEs — often Cheltenham-based, often spun out of GCHQ alumni — handle niche assurance, reverse engineering and OT/ICS work. We would caution any candidate against treating "cleared cyber" as a single market: the culture, pace and pay between a small Cheltenham specialist and a Tier 1 prime are markedly different.

What Are the UK Security Clearance Levels?

The UK runs a tiered national security vetting framework, administered by United Kingdom Security Vetting (UKSV) on behalf of the Cabinet Office. The levels most cyber candidates will encounter are BPSS, CTC, SC, DV and eDV, with STRAP indoctrination layered on top for specific intelligence material.

Treat the processing times as indicative — UKSV backlogs have moved noticeably over the past few years and we would advise candidates to ask the sponsoring employer for current realistic timelines rather than relying on published guidance. STRAP is not a separate clearance but an indoctrination overlay for handling specific compartmented material, generally requiring DV or eDV as the underlying baseline.

How Much Do Cleared Cyber Jobs Pay in 2026?

Salaries vary substantially by clearance level, role type and whether the post is permanent or contract. In our reading of cleared cyber postings in early 2026, indicative ranges look like this:

• SC-cleared SOC analyst (mid-level): £55,000–£80,000 base, plus shift allowances where 24/7 cover applies.

• SC-cleared penetration tester (CHECK Team Member to Team Leader): £75,000–£120,000 base, with CHECK Team Leader status sitting toward the upper end.

• SC-cleared cyber architect on defence programmes: £80,000–£115,000 base.

• DV-cleared mid-to-senior specialist (reverse engineer, threat intelligence, incident response lead): £100,000–£160,000 base.

• eDV-cleared contractor specialists: day rates typically £700–£1,400 inside or outside IR35 depending on engagement model.

The DV-over-SC premium tends to sit in the 15–30% range for equivalent role types, although that gap narrows for very senior architect and leadership positions where the underlying scarcity is the role itself rather than the clearance. Cheltenham, Bristol and London concentrate the highest-paying cleared cyber roles; Farnborough and Salisbury sit slightly below those headline figures but offer a markedly lower cost of living. Direct civil service routes into NCSC and GCHQ generally pay below private sector contractors at equivalent grade, with the trade being mission, training, and clearance sponsorship from a standing start.

We would treat any specific number cautiously: cleared salaries are negotiated more than published, and a CHECK Team Leader with active DV in 2026 is a genuinely scarce hire whose offer can sit well above the band.

Can You Apply for Your Own Clearance?

No. UK security clearance is sponsored — an employer with a need to clear you submits the application through UKSV on your behalf, and clearance is granted in respect of that role. You cannot self-apply, cannot pay for it privately, and cannot "transfer" a clearance from a previous employer without the new sponsor formally taking it on. This is a frequent point of confusion, particularly for candidates moving from US-cleared environments where the model is different.

Eligibility generally requires sole or dual British nationality (for SC), with a UK residency record covering the previous five years for SC and ten years for DV/eDV. DV and eDV roles often require sole British nationality and a tightly evidenced residency, financial and personal history. UKSV will look at finances, foreign travel, foreign contacts, criminal record, substance use and online presence; truthful disclosure matters considerably more than a clean slate, and we would caution against attempting to omit anything on the assumption it will not surface.

If you are eligible but uncleared, the realistic route in is to apply to a sponsoring employer that is comfortable hiring at SC-eligible status and waiting through the vetting period. Several primes and the NCSC explicitly hire on this basis, with the candidate working on non-cleared or BPSS-only material until clearance lands.

What Does NCSC and GCHQ Hiring Actually Look Like?

NCSC sits within GCHQ but recruits across two visible tracks: direct civil service positions advertised through Civil Service Jobs and the GCHQ Careers site, and the Industry 100 (i100) secondment scheme that brings industry professionals into NCSC part-time for fixed periods. The i100 route is a genuinely useful entry path for mid-career cyber professionals who want to work on national-level problems without leaving their employer.

Direct GCHQ technical roles range from cyber security expert and technical analyst positions through to specialist engineering, mathematics and language streams. Pay is structured against civil service grades — meaningfully below contractor day rates — but the work, training pipeline and clearance sponsorship are the recognised draws. Cheltenham is the primary location, with smaller GCHQ and NCSC footprints in Manchester, London and Bude. We would encourage candidates not to over-read the public job postings: GCHQ runs structured assessment processes that emphasise reasoning and judgement at least as much as the specific technologies on a CV.

Demand signals into 2026 are being driven by the UK's response to NIS2-equivalent regulation, the NCSC's expanded remit around critical national infrastructure resilience, and the growing overlap between cleared cyber and cleared AI work. Defence primes are visibly hiring in OT/ICS security and in AI/ML assurance — areas where cleared cyber, cleared data science and cleared engineering increasingly meet.

Which Certifications Matter for Cleared Cyber Roles?

Certifications matter more in cleared cyber than in many other tech disciplines because they map cleanly to specific HMG-recognised schemes. CHECK and CREST are the two anchors: CHECK is the NCSC-owned scheme for IT health-check testing of HMG systems, and CREST runs the broader commercial penetration testing, threat intelligence and SOC certification stack. A CHECK Team Leader (CTL) sitting on active SC is one of the more sought-after profiles in the UK market.

For SOC and incident response work, GIAC certifications (GCIA, GCIH, GCFA, GREM) carry significant weight, as does CREST Registered Intrusion Analyst (CRIA) and CREST Certified Incident Manager. For governance, risk and assurance roles around government accreditation, CISSP, CISM and the older CESG Certified Professional (now NCSC Certified Cyber Professional, CCP) scheme are still routinely listed. Reverse engineering and malware roles tend to weight CREST Certified Malware Reverse Engineer or strong demonstrable work — published research, CTF results, prior cleared work — over any specific badge.

We would caution against stacking certifications in the absence of operational experience. Cleared employers, particularly NCSC and the technical primes, interview hard on practical reasoning. Certifications open the door; they do not, on their own, get the offer.

Where in the UK Are These Roles Concentrated?

Cleared cyber work clusters around a small number of UK locations. Cheltenham is the centre of gravity, anchored by GCHQ and NCSC, with a dense surrounding ecosystem of cleared SMEs and primes. Bristol carries a significant cleared cyber and defence digital footprint, including MoD digital programmes and contractor sites. London hosts NCSC's secondary footprint, the bulk of central government cyber roles, and most of the systems integrators' cleared practices.

Outside the south-east, Farnborough is the QinetiQ heartland and a meaningful concentration of cleared engineering work; Salisbury and Porton Down are home to Dstl; Aldermaston is the AWE site; and Manchester has been growing as a secondary government technology hub with a visible cleared cyber presence. Romsey hosts Roke. For candidates open to relocation, the Cheltenham–Bristol corridor offers the deepest cleared cyber market in the country; for those committed to London, expect a wider mix of integrator and consultancy work and slightly fewer pure intelligence-grade roles.

Remote and hybrid working in cleared cyber is more constrained than in general tech. Most cleared work above SC requires significant on-site presence at accredited facilities, and DV/eDV roles are frequently fully on-site. Hybrid patterns of two to three days on-site are now common at SC level for non-operational roles, but we would not assume remote-first availability when planning a move.

Frequently Asked Questions: Cleared Cybersecurity Jobs UK

How long does SC clearance take in 2026?

UKSV publishes target processing times, but realistic timelines for SC in 2026 generally sit in the 6–12 week range, with some applications running longer where there is a complex residency, financial or foreign-contact picture. DV typically runs 6–12 months, and eDV can take longer. We would always ask the sponsoring employer for their current observed turnaround rather than relying on headline figures.

Can a non-UK national get cleared?

For SC, dual nationals and certain Commonwealth and Irish citizens with sufficient UK residency are often eligible. DV and eDV roles frequently require sole British nationality and a strong, well-evidenced UK residency record. Policy varies by sponsoring department and changes over time; the only reliable answer is to check eligibility directly with the specific role's sponsor before applying.

Is the pay really better than commercial cyber?

At SC level the pay is broadly comparable to good commercial cyber roles, sometimes slightly behind on base but with strong stability and pension. At DV and eDV level pay typically moves above commercial equivalents, and contractor day rates for scarce DV skills (reverse engineering, advanced exploit development, cleared cloud security architecture) sit well above the general market.

Do I need a degree?

Not strictly. NCSC, GCHQ and most defence primes hire on demonstrated capability and aptitude, with structured assessment processes. A relevant degree helps, particularly for graduate schemes, but skilled apprenticeship routes, military transition, and proven CTF, bug bounty or open-source security work are all credible entry paths. CHECK and CREST progression matters more than degree class for technical pen testing tracks.

Can I keep my clearance between jobs?

Clearance is sponsored against a role, but in practice it can be transferred or reactivated if a new cleared employer takes it on within a defined window — generally up to 12 months for SC, shorter for DV. Outside that window, or where the new sponsor needs a higher level, expect a fresh vetting cycle. Recruiters in the cleared market always ask whether your clearance is current and sponsored.

What is the difference between NCSC and GCHQ jobs?

NCSC is the UK's national technical authority for cyber security and sits within GCHQ. In practice, NCSC roles are externally facing — supporting government, critical national infrastructure and the wider economy — while GCHQ's broader mission spans signals intelligence, cyber operations and national security. Many staff move between the two over a career; the recruitment portals overlap, and clearance carries across within the organisation.

Are AI skills useful for cleared cyber roles?

Increasingly, yes. NCSC, Dstl and the major primes are hiring against an overlap of cyber and AI/ML, particularly for defensive AI, model assurance, and adversarial machine learning. Cleared candidates with credible ML engineering or data science experience alongside core cyber skills are a small and growing market. We would not over-pivot a CV toward AI buzzwords, but genuine practical ML capability adds meaningful weight.

Is contracting viable in cleared cyber?

Yes, particularly at DV and eDV level for specialist skills. IR35 status varies by engagement and by department, and inside-IR35 engagements are common in central government. Day rates of £700–£1,400 are realistic for scarce DV-cleared skills in 2026, though we would caution that contractor demand fluctuates with departmental budget cycles and is rarely as stable as the permanent market.

Summary: Is a Cleared Cyber Career Right for You?

Cleared cybersecurity in the UK in 2026 offers a genuinely distinctive proposition: nationally important work, structured training, and pay that — particularly at DV and eDV — competes well with the commercial market. It is also a slower, more on-site, more administratively heavy environment than general cyber, and it is closed to candidates who cannot meet the nationality and residency thresholds. If you are eligible, comfortable with on-site working in Cheltenham, Bristol, London, Farnborough or Salisbury, and drawn to mission-led work at NCSC, GCHQ, MoD, Dstl or one of the major cleared primes, it is one of the strongest specialist tracks in UK cyber. The realistic entry route for most candidates is to target an SC-sponsoring employer, work through vetting, and build the CHECK, CREST or GIAC profile that opens the next step up.

Looking for your next cleared cybersecurity role? Browse the latest cleared cyber, SC, DV and eDV vacancies at cybersecurityjobs.tech — the UK's specialist job board for cyber security professionals working with NCSC, GCHQ, MoD and the defence primes.