BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.Senior Security Testing Consultant
BAE Systems Digital Intelligence is actively seeking an experienced Security Testing Consultant to join our team supporting customers across commercial and government sectors. This position is part of our global Cyber Technical Services team, which includes adjacent areas of Threat Intelligence and Incident Response.
As a Senior Penetration Tester, you will perform comprehensive penetration testing assessments across a wide range of sectors and produce comprehensive written reports to meet high industry standards. Beyond the testing itself, you will be involved in client pre-engagement processes, contributing to scoping tasks and drafting proposals.
Furthermore, as we deeply value the continuous development and growth of our team, you will also be expected to mentor junior team members, fostering a culture of knowledge sharing and collective progress.Key Responsibilities
Minimum Skills and Experience Required
- Delivery of end-to-end security testing engagements, including scoping and client wash-up meetings.
- Performing application testing, web and mobile tests, infrastructure testing, objective-based tests, and intelligence-led tests.
- Carry out more bespoke technical assessments and consultancy services as required.
- Assist in the management of the security testing team, collaborating with leadership to ensure smooth operations and project delivery.
- Production of detailed reporting and presentations for both technical and non-technical stakeholders.
- Safe and responsible use of testing tools, ensuring controls are in place to limit risks during customer engagements.
- Developing improvements in terms of scripts, tools, or techniques to enhance the Security Testing team's capabilities.
- Maintain an up-to-date knowledge of information security issues, continuously learning about new technologies, methodologies, and techniques.
- Mentor junior colleagues and support their professional development.
- Knowledge sharing with colleagues in other teams, such as Threat Intelligence, Incident Response, and the wider Security Consulting community.
Desirable Skills and Experience
- At least 3 years of relevant experience with at least one of those years in a senior position.
- Experience in delivery of security testing projects, ability to demonstrate comprehensive, practical knowledge of testing tools, techniques, and procedures.
- Holds or is in a position to attain CCT-INF or CCT-APP or equivalent in the near future.
- Understanding of client needs in terms of testing outcomes, stakeholder engagement, and risk mitigation.
- Self-starter with the ability to identify problems early and devise solutions using own initiative.
- The ability to work to strict deadlines and prioritise workload appropriately.
- Technical skills with an interest in one or more of the following: adversary emulation, vulnerability discovery, reverse-engineering, emerging technology.
- Excellent communication and presentation skills.
- Flexibility and willingness to travel both within the UK and globally.
- Must be a UK national with (or the ability to obtain) security clearance (this is non-negotiable due to the nature of the work we deliver).
- Experience in a high-level scripting language such as Python, a mid-level language such as C/C++, or a low-level language such as ASM.
- Alongside CCT-INF or CCT-APP possessing certifications like OSCP, OSWP, OSCE, OSEE, OSWE, PNPT, CRTO, CRTO2 would be considered beneficial.
- Skills and experience in application, operating system, database management operation, development, or security management.
- Skills and experience in testing within Government, Telecommunications, Energy, or Financial Services sector.
- Exploit development or other in-depth vulnerability research experience.
- An active engagement in the infosec community, such as attending conferences, contributing to forums, or participating in community-driven projects, is highly valued.
Additional Flexible Benefits
- Supportive environment working with a social and friendly team.
- We strongly believe in continuous learning and professional development and as such, we allocate a generous training budget for each team member.
- Flexible working arrangements.
- An assigned Career Manager to support your professional development
- Private Healthcare covering pre-existing conditions
- Enhanced Maternity/Paternity leave
- Personal Development Plan & Annual Salary reviews
Life at BAE Systems Digital Intelligence
- Matched contribution share save scheme
- Private Healthcare for partner & dependants
- Income protection
- Life assurance
- Life assurance for your spouse/partner
- Critical illness insurance
- Health assessments
- Buy & sell holiday allowances
- Dental insurance
- 'My Car' tax effective car leasing scheme
We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.
By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.
Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential. Division overview: Capabilities
At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Capabilities is the engine that keeps the business moving forward. It is the largest area of Digital Intelligence, containing our Engineering, Consulting and Project Management teams that design and implement the defence solutions and digital transformation projects that make us a globally recognised brand in both the public and private sector.
As a member of the Capabilities team, you will be creating and managing the solutions that earn us our place in an ever changing digital world. We all have a role to play in defending our clients, and this is yours.