Digital Safety Penetration Tester

As a Digital Safety Penetration Tester, you'll perform hands-on ethical hacking engagements across a diverse range of applications, APIs, infrastructure, and cloud environments. You'll take ownership of penetration testing engagements from planning through to reporting and remediation support, helping us proactively identify and reduce cyber risk.

This is an exciting opportunity to build your expertise in a large-scale, complex technology environment while helping shape and improve our in-house cyber testing capability.

You'll be responsible for: Planning and executing penetration tests across web and mobile applications, APIs, corporate networks, and cloud platforms including AWS, Azure, and Google Cloud Identifying and safely exploiting vulnerabilities using a range of testing tools, techniques, and manual methods Producing detailed technical reports and clear executive summaries with practical remediation guidance Working closely with developers, product owners, and security teams to support remediation and re-testing activities Supporting security assurance activities linked to audits, compliance requirements, and risk management Contributing to process improvements, testing methodologies, automation initiatives, and service enhancements Staying up to date with emerging threats, vulnerabilities, and security research, sharing insights with the wider team Collaborating with both internal stakeholders and external security testing partners

Do you have experience in Scripting?, We're looking for someone with a curious mindset, strong technical foundations, and a passion for cyber security.

You'll bring: Experience or strong practical exposure to penetration testing Knowledge of common attack techniques such as SQL injection, cross-site scripting, and privilege escalation Understanding of web technologies, APIs, networking fundamentals, and operating system security basics Familiarity with industry-standard penetration testing tools, frameworks, and methodologies including OWASP Top 10 The ability to clearly communicate technical findings to both technical and non-technical audiences Strong analytical skills, attention to detail, and a proactive approach to problem solving A collaborative mindset with the ability to manage tasks independently and work effectively across teams A passion for continuous learning and keeping up to date with the evolving cyber threat landscape

It would be great if you also have: Certifications such as CREST CRT, OSCP, eJPT, or similar Experience with cloud security, DevOps environments, or CI/CD pipelines Scripting or automation skills in Python, PowerShell, or Bash Knowledge of security standards or frameworks such as ISO 27001, PCI DSS, or NIST Experience contributing to process improvements, tooling enhancements, or service development initiatives

Competitive base salary Up to 20% bonus 25 days holiday plus bank holidays BAYE, SAYE and performance share schemes 7% pension contribution Life assurance Flexible benefits package Excellent staff travel benefits

We are easyJet - a FTSE listed, £multi-billion low-cost airline that serves tens of millions of customers every single year. If you're reading this, you have probably already been an easyJet customer, and you'll know that there is no more iconic (or Orange!) travel brand in Europe. We fly more than 1,207 routes, connecting 38 countries across Europe, and employ more than 18,000 colleagues. We're on a mission to make low-cost travel easy - and whatever your role here, you'll connect millions of people to what they love using Europe's best airline network, great value fares, and friendly service. What makes us easyJet? Our Promise Behaviours - we are Safe, Bold, Welcoming and Challenging. Four Behaviours. One Spirit. One easyJet. Read on if you Have hands-on penetration testing experience Enjoy solving complex security challenges and thinking like an attacker Are passionate about improving cyber security services and processes Love collaborating with teams across technology and security Want to help protect the digital services used by millions of customers across Europe THE TEAM The Cyber Test Services team plays a vital role in protecting easyJet's digital landscape. We provide penetration testing and security assurance across our technology estate, acting as the hands-on ethical hackers within the wider Digital Safety function. Working closely with Risk & Assurance, Compliance, and Technical Assurance teams, we help identify vulnerabilities, strengthen defences, and support regulatory and security standards across the business. It's a collaborative, fast-moving environment focused on continuous improvement, innovation, and keeping easyJet safe and secure.