Digital Safety Penetration Tester in London

We are easyJet – a FTSE listed, £multi‑billion low‑cost airline that serves tens of millions of customers every single year. If you’re reading this, you have probably already been an easyJet customer, and you’ll know that there is no more iconic (or Orange!) travel brand in Europe. We fly more than 1,207 routes, connecting 38 countries across Europe, and employ more than 18,000 colleagues. We’re on a mission to make low‑cost travel easy – and whatever your role here, you’ll connect millions of people to what they love using Europe’s best airline network, great value fares, and friendly service.

What makes us easyJet? Our Promise Behaviours – we are Safe, Bold, Welcoming and Challenging. Four Behaviours. One Spirit. One easyJet.

Enjoy solving complex security challenges and thinking like an attacker.

Are passionate about improving cyber security services and processes.

Love collaborating with teams across technology and security.

Want to help protect the digital services used by millions of customers across Europe.

The Cyber Test Services team plays a vital role in protecting easyJet’s digital landscape. We provide penetration testing and security assurance across our technology estate, acting as the hands‑on ethical hackers within the wider Digital Safety function. Working closely with Risk & Assurance, Compliance, and Technical Assurance teams, we help identify vulnerabilities, strengthen defences, and support regulatory and security standards across the business. It’s a collaborative, fast‑moving environment focused on continuous improvement, innovation, and keeping easyJet safe and secure.

As a Digital Safety Penetration Tester, you’ll perform hands‑on ethical hacking engagements across a diverse range of applications, APIs, infrastructure, and cloud environments. You’ll take ownership of penetration testing engagements from planning through to reporting and remediation support, helping us proactively identify and reduce cyber risk. This is an exciting opportunity to build your expertise in a large‑scale, complex technology environment while helping shape and improve our in‑house cyber testing capability.

You’ll be responsible for:

• Planning and executing penetration tests across web and mobile applications, APIs, corporate networks, and cloud platforms including AWS, Azure, and Google Cloud.
• Identifying and safely exploiting vulnerabilities using a range of testing tools, techniques, and manual methods.
• Producing detailed technical reports and clear executive summaries with practical remediation guidance.
• Working closely with developers, product owners, and security teams to support remediation and re‑testing activities.
• Supporting security assurance activities linked to audits, compliance requirements, and risk management.
• Contributing to process improvements, testing methodologies, automation initiatives, and service enhancements.
• Staying up to date with emerging threats, vulnerabilities, and security research, sharing insights with the wider team.
• Collaborating with both internal stakeholders and external security testing partners.

What we’re looking for:

We’re looking for someone with a curious mindset, strong technical foundations, and a passion for cyber security. You’ll bring:

• Experience or strong practical exposure to penetration testing.
• Knowledge of common attack techniques such as SQL injection, cross‑site scripting, and privilege escalation.
• Understanding of web technologies, APIs, networking fundamentals, and operating system security basics.
• Familiarity with industry‑standard penetration testing tools, frameworks, and methodologies including OWASP Top 10.
• The ability to clearly communicate technical findings to both technical and non‑technical audiences.
• Strong analytical skills, attention to detail, and a proactive approach to problem solving.
• A collaborative mindset with the ability to manage tasks independently and work effectively across teams.
• A passion for continuous learning and keeping up to date with the evolving cyber threat landscape.

It would be great if you also have:

• Certifications such as CREST CRT, OSCP, eJPT, or similar.
• Experience with cloud security, DevOps environments, or CI/CD pipelines.
• Scripting or automation skills in Python, PowerShell, or Bash.
• Knowledge of security standards or frameworks such as ISO 27001, PCI DSS, or NIST.
• Experience contributing to process improvements, tooling enhancements, or service development initiatives.

What you’ll get in return:

• Up to 20% bonus.
• BAYE, SAYE and performance share schemes.
• Life assurance.
• Flexible benefits package.
• Excellent staff travel benefits.

This is a full‑time position. We support hybrid working and spend time together as a team in our Luton HQ offices.

At easyJet, we are dedicated to fostering an inclusive workplace that reflects the diverse customers we serve across Europe. We welcome candidates from all backgrounds. If you require specific adjustments or support during the application or recruitment process, such as extra time for assessments or accessible interview locations, please contact us. We are committed to providing reasonable adjustments throughout the recruitment process to ensure accessibility and accommodation.