Ethical Hacker

Cybersecurity Penetration Tester
Location: Remote (with UK-wide regular on‑site client visits; approximately 50% monthly travel for on‑site pen testing)

Join a team where red teaming meets real impact - safeguarding defence platforms that shape national security

Safeguard UK Defence systems through advanced penetration testing and red teaming on critical military platforms
Tackle complex threat simulations and exploit development across IT, OT, cloud, and embedded environments
Use cutting‑edge tools with funded training and certifications (CHECK, CREST, OSCP, GIAC)
We are seeking a security‑cleared Penetration Tester to join our dynamic Cyber Security team, working at the forefront of UK Defence and national security. In this role, you’ll take on advanced security testing, vulnerability assessments, and red team exercises across both classified and unclassified environments - directly strengthening the resilience of mission‑critical networks and applications.

While prior defence experience is highly valued, we also welcome applications from seasoned red team specialists and offensive security professionals from sectors such as utilities, nuclear, and automotive, who bring transferable skills and fresh perspectives to our mission.

Building a Future, we can all trust.

The Thales product portfolio wouldn’t exist without the core engineering specialities that are AI, Cyber and Human Factors. Cybersecurity and Digital Identity (CDI) - from secure software to biometrics and encryption, CDI GBU technologies and services enable businesses and governments to authenticate identities and protect data, so they stay safe and enable services in personal devices, connected objects, the cloud and in between. Cybersecurity Premium Services (CPS) supports its enterprise and government customers in the cybersecurity of their digital transformation. We contribute to the identification and control of cyber risks, ensure the implementation of best reduction practices, operate threat driven cyber incident detection and response services, and intervene with our clients when attacks materialise.

We offer a competitive salary and benefits package designed to support our employees’ wellbeing and professional growth, which includes:

~ Annual bonus (VCP)
~ Pension – match like-for-like up to 7% of annual base salary
~ Life Assurance – 2 x base salary minimum (8 x salary if part of the pension scheme)
~ Annual Leave – 201 hours, bank holidays, plus 1 company day
~ Private Medical Insurance - Couples cover
~ 24/7 Employee Assistance Programme
~24 hours paid leave for volunteering activities
~ Access to flexible benefits and discounts – dental insurance, buying & selling annual leave, cycle to work, and many more


Lead end‑to‑end penetration testing across networks, applications, cloud infrastructures, and embedded systems - delivering actionable insights that strengthen mission‑critical environments
Drive advanced vulnerability assessments and exploit development, executing post‑exploitation activities within authorised scopes to uncover hidden risks and resilience gaps
Produce high‑impact technical reports and executive briefings, translating complex findings into clear risk narratives, business impact assessments, and prioritised remediation strategies
Partner with defensive operations and risk management teams to sharpen detection, accelerate response, and embed proactive resilience across the enterprise
Degree in Computing, Cybersecurity, or a related field - or equivalent professional experience in lieu of formal tertiary studies
Demonstrated track record as a Penetration Tester, Red Team Operator, or equivalent offensive security specialist
Deep expertise in network protocols, application security, operating systems, and cloud platforms across both IT and OT environments
Hands-on proficiency with industry-standard tools including Burp Suite, Metasploit, Cobalt Strike, Nmap, Nessus, plus custom scripting in Python, PowerShell, and Bash
Windows, Linux, Android, iOS, Web Applications, and Cloud infrastructures
SC or DV clearance (mandatory for project delivery), with eligibility or current holding

Exposure to ICS/SCADA, RF systems, or military-grade communication networks
Strong grasp of Threat Intelligence, MITRE ATT&CK framework, and adversary emulation techniques
Previous involvement in projects supporting the MOD, defence primes, or critical national infrastructure (CNI)
Domain expertise across Defence, Nuclear, Government, Aerospace, CNI, and Transport sectors

This role requires you to be a UK National and achieve Security Clearance (SC) without any caveats. Please visit the UKSV website for further guidance:


In some circumstances, a minimum of 3 years’ residence in the UK over the last 5 years may be accepted, with additional overseas checks.

With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. We will provide reasonable adjustments and support to ensure neuro-diverse applicants or those with a disability or long-term condition can be their best during the recruitment process. To request an adjustment, if you need this job advert in an alternative format or if you have any questions about the recruitment process, please contact Resourcing Ops for mid to senior roles, or the Early Careers Team for graduate and apprentice roles.