Security Testing Consultant

Location(s): UK, Europe & Africa : UK : Guildford || UK, Europe & Africa : UK : Leeds || UK, Europe & Africa : UK : London

Job Title: Security Testing Consultant

Location: Leeds, Guildford or London, hybrid – Travel in between offices will be a necessity for this position

We offer a range of hybrid and flexible working arrangements – please speak to your recruiter about the options for this particular role

What you’ll be doing

• Delivery of end-to-end security testing engagements, including scoping and client wash-up meetings.

• Performing application testing, web and mobile tests, infrastructure testing, objective based tests, and intelligence-led tests.

• Production of detailed reporting and presentations for both technical and non-technical stakeholders.

• Safe and responsible use of testing tools, ensuring controls are in place to limit risks during customer engagements.

• Developing improvements in terms of scripts, tools, or techniques to enhance the Security Testing team's capabilities.

• Knowledge sharing with colleagues in other teams, including Threat Intelligence, Incident Response, and the wider Security Consulting community.

Your skills and experiences

• Experience delivering security testing projects, ability to demonstrate comprehensive, practical knowledge of testing tools, techniques, and procedures.

• Understanding of client needs in terms of testing outcomes, stakeholder engagement, and risk mitigation.

• Self-starter with ability to identify problems early and develop solutions using own initiative.

• The ability to work to strict deadlines and prioritise work appropriately.

• Technical skills with an interest in one or more of the following: adversary emulation, vulnerability discovery, reverse-engineering, emerging technology.

• Flexibility and willingness to travel both within the UK and globally.

• Current CREST Registered Tester or OSCP.

Desirable

• Experience in a high level scripting language such as Python, mid-level language such as C/C++, or low level language such as ASM.

• Skills and experience in application, operating system, database management operation, development, or security management.

• Skills and experience in testing within Government, Telecommunications, Energy, or Financial Services sectors.

• Exploit development or other in depth vulnerability research experience.

This position is part of our global Cyber Technical Services team, which includes adjacent areas of Threat Intelligence and Incident Response.

Benefits

As well as a competitive pension scheme, BAE also offers employee share plans, an extensive range of flexible discounted health, wellbeing & lifestyle benefits, including a green car scheme, private health plans and shopping discounts – you may also be eligible for an annual incentive

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals.

We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles at BAE Systems are subject to both security and export control restrictions. These restrictions mean that factors such as your nationality, any nationalities you may have previously held, and your place of birth can restrict the roles you are eligible to perform within the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks

.