Penetration Tester

Job title: Penetration Tester

Location: Preston or Frimley

We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role.

Salary: Circa 55k dependent on skills and experience

What you'll be doing:

Conduct both a combination of Infrastructure and Web Application Penetration testing across BAE Systems
Develop comprehensive and accurate reports for internal audiences, ensuring the grading of vulnerabilities within the context of BAE Systems, and passing onto resolver groups for resolution
Ensuring resolution is being conducted in line with documented process
Conduct simulated attacks and vulnerability assessments to support Red and Purple Team operations, identifying security weaknesses and enhancing defensive capabilities
Contributes to the development of Active Defence, Red Team capabilities through people, process, and technology where appropriate
Maintains a broad understanding of the external threat environment and attacker tactics, techniques, and procedures

Your skills and experiences:

Essential:

Demonstrable experience in penetration testing
Proficient in penetration testing tools such as Burp Suite, Nmap, Metasploit etc
CREST Registered Penetration Tester (CRT)
The ability to clearly communication both verbally and written

Desirable

Practical Penetration Certifications such as PNPT /eCPPT
Offensive Security Certified Professional (OSCP)
CHECK Team Member

Benefits:

As well as a competitive pension scheme, BAE Systems also offers employee share plans, an extensive range of flexible discounted health, wellbeing and lifestyle benefits, including a green car scheme, private health plans and shopping discounts - you may also be eligible for an annual incentive.

The Cyber Operations Team

Cyber Operations is responsible for protecting BAE Systems from Cyber Attacks by various threat actors. Not only do we protect BAE Systems and its employees, indirectly we protect those who protect us - who serve in our military and rely on the products and services we create. Across Threat Intelligence, Threat Detection, Incident Response and Active Defence we work to evolve cyber operations as a world class capability.

This role will sit under the Active Defence, Red Team who are responsible for delivering the following capabilities in support of Cyber Operations: Red Teaming, Purple Teaming, Security Critical Control Testing, Threat Advisory Simulation and Penetration Testing.

Why BAE Systems?

This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity of thought, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome people from all backgrounds and want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks.

Closing Date: 28th August 2025

We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.

#LI-NP1

#LI-Hybrid