We are easyJet – a FTSE listed, £multi-billion low-cost airline that serves tens of millions of customers every single year. If you’re reading this, you have probably already been an easyJet customer, and you’ll know that there is no more iconic (or Orange!) travel brand in Europe.
We fly more than 1,207 routes, connecting 38 countries across Europe, and employ more than 18,000 colleagues. We’re on a mission to make low-cost travel easy – and whatever your role here, you’ll connect millions of people to what they love using Europe’s best airline network, great value fares, and friendly service.
What makes us easyJet? Our Promise Behaviours - we are Safe, Bold, Welcoming and Challenging. Four Behaviours. One Spirit. One easyJet.
Read on if you
Have hands-on penetration testing experience
Enjoy solving complex security challenges and thinking like an attacker
Are passionate about improving cyber security services and processes
Love collaborating with teams across technology and security
Want to help protect the digital services used by millions of customers across Europe
THE TEAM
The Cyber Test Services team plays a vital role in protecting easyJet’s digital landscape. We provide penetration testing and security assurance across our technology estate, acting as the hands-on ethical hackers within the wider Digital Safety function.
Working closely with Risk & Assurance, Compliance, and Technical Assurance teams, we help identify vulnerabilities, strengthen defences, and support regulatory and security standards across the business. It’s a collaborative, fast-moving environment focused on continuous improvement, innovation, and keeping easyJet safe and secure.
THE ROLE
As a Digital Safety Penetration Tester, you’ll perform hands-on ethical hacking engagements across a diverse range of applications, APIs, infrastructure, and cloud environments. You’ll take ownership of penetration testing engagements from planning through to reporting and remediation support, helping us proactively identify and reduce cyber risk.
This is an exciting opportunity to build your expertise in a large-scale, complex technology environment while helping shape and improve our in-house cyber testing capability.
You’ll be responsible for:
Planning and executing penetration tests across web and mobile applications, APIs, corporate networks, and cloud platforms including AWS, Azure, and Google Cloud
Identifying and safely exploiting vulnerabilities using a range of testing tools, techniques, and manual methods
Producing detailed technical reports and clear executive summaries with practical remediation guidance
Working closely with developers, product owners, and security teams to support remediation and re-testing activities
Supporting security assurance activities linked to audits, compliance requirements, and risk management
Contributing to process improvements, testing methodologies, automation initiatives, and service enhancements
Staying up to date with emerging threats, vulnerabilities, and security research, sharing insights with the wider team
Collaborating with both internal stakeholders and external security testing partners
Requirements of the Role
WHAT WE’RE LOOKING FOR
We’re looking for someone with a curious mindset, strong technical foundations, and a passion for cyber security.
You’ll bring:
Experience or strong practical exposure to penetration testing
Knowledge of common attack techniques such as SQL injection, cross-site scripting, and privilege escalation
Understanding of web technologies, APIs, networking fundamentals, and operating system security basics
Familiarity with industry-standard penetration testing tools, frameworks, and methodologies including OWASP Top 10
The ability to clearly communicate technical findings to both technical and non-technical audiences
Strong analytical skills, attention to detail, and a proactive approach to problem solving
A collaborative mindset with the ability to manage tasks independently and work effectively across teams
A passion for continuous learning and keeping up to date with the evolving cyber threat landscape
It would be great if you also have:
Certifications such as CREST CRT, OSCP, eJPT, or similar
Experience with cloud security, DevOps environments, or CI/CD pipelines
Scripting or automation skills in Python, PowerShell, or Bash
Knowledge of security standards or frameworks such as ISO 27001, PCI DSS, or NIST
Experience contributing to process improvements, tooling enhancements, or service development initiatives
WHAT YOU’LL GET IN RETURN
Competitive base salary
Up to 20% bonus
25 days holiday plus bank holidays
BAYE, SAYE and performance share schemes
7% pension contribution
Life assurance
Flexible benefits package
Excellent staff travel benefits
PRACTICALITIES
This is a full-time position. We support hybrid working and spend time together as a team in our Luton HQ offices.
REASONABLE ADJUSTMENTS
At easyJet, we are dedicated to fostering an inclusive workplace that reflects the diverse customers we serve across Europe. We welcome candidates from all backgrounds. If you require specific adjustments or support during the application or recruitment process, such as extra time for assessments or accessible interview locations, please contact us at [email protected]. We are committed to providing reasonable adjustments throughout the recruitment process to ensure accessibility and accommodation.
#LI-CH1 #LI-HYBRID
