Principal Ethical Security Tester

Date: 28 Aug 2023

Location: Malvern, England, GB

Company: QinetiQ


Job Title:        Principal Ethical Security Tester
Location:        Malvern, Worcestershire + Adaptive Working Arrangement
Package:        Highly Competitive Salary + Benefits 
Role Type:      Full time / Permanent 
Role ID:          SF11085

Be part of the QinetiQ journey. Join us as a Principal Ethical Security Tester at our Malvern site where you will have the opportunity to work with cutting-edge technology and many of the industry’s most brilliant minds.


The Role
As a Principal Ethical Security Tester you’ll have a role that is out of the ordinary, assisting in the development of new methodologies and services.


Day-to-day you'll lead multi-part, multi-site engagements, leading a larger team of testers:


  • Lead and direct CHECK and non-CHECK engagements, and lead the testing team on engagements, acting as primary customer contact
  • Hold responsibility for the conduct and actions of the test team, and allocate and co-ordinate work within the team during any customer engagements
  • Lead customer engagements to scope and estimate effort for upcoming EST engagements
  • Provide career guidance and mentoring for junior team members, and support where required, recruitment of new team members
  • Design, plan and implement technical capabilities for the improvement of the Ethical Security Team capabilities 
  • Lead EST engagement with the wider QinetiQ Cyber Security capabilities across the business, based on the needs of the wider QinetiQ business


Skills and experience of the Principal Ethical Security Tester

  • Significant experience in Penetration Testing and/or similar security disciplines
  • Ability to use basic tools such as Nmap, Nessus and Burp Suite
  • Understanding of web application technologies and computer network (including TCP/IP) fundamentals and common high-level protocols
  • Ability to interpret results of scanners and suggest next steps to investigate potential vulnerabilities
  • Ability to understand and assess operating systems for vulnerabilities
  • Ability to document and suggest recommendations for identified vulnerabilities for EST test reports
  • Ability to propose, manage and deliver research projects across a broad technical footprint
  • Ability to provide the team with legal and regulatory understanding for Penetration Testing, and to manage the correct application of laws, regulations and required ethical standards
  • High Assurance: Ability to direct and lead technical support on high assurance engagements

Qualifications of the Principal Ethical Security Tester

  • CREST CCT (Infra) and CCT (Apps) OR
  • TIGER Senior Security Tester (SST) (Infra) and TIGER Senior Security Tester (SST) (Apps)
  • CyberScheme Team Leader (CSTL Inf) and CyberScheme Team Leader (CSTL App). If you hold only one, you should be willing and likely to qualify for the other
  • CHECK Team Leader (or eligible to become one)
  • Additional qualifications in Cloud (GIAC Cloud Penetration Tester), SCADA/OT, CSAS or CSAM would be desirable


Please note that all applicants must be eligible for SC clearance as a minimum (see "National security vetting: clearance levels" on GOV.UK).


Our Benefits

  • Adaptive and flexible working
  • Generous holiday allowance
  • Health Cash Plan, Private Medical Insurance and Dental Insurance
  • Matched contribution pension scheme, with life assurance
  • Employee discount portal: Personal Accident Insurance, Travel Insurance, Restaurants, Cinema Tickets and much more
  • Holiday Trading is a benefit that allows most employees to buy up to 5 days’ additional leave
  • We are proud to support the Armed Forces community by honouring the Armed Forces Covenant.
  • Payroll Giving and Volunteering - helping charities and local community


Our volunteering programme enables our people to use their professional skills to make a positive difference in our local communities, for example STEM (Science, Technology, Engineering and Maths) ambassador days in schools. We support a number of charities that are important to our people, including those which help the defence community. 




Application Guidance

If you have a disability or need any reasonable adjustments during the application and selection stages, please contact your regional recruiting team in strictest confidence. We’re committed to building an inclusive culture where everyone’s free to thrive. We are happy to talk about adaptive, flexible working - please ask about alternative patterns of work at interview.


Why Join QinetiQ?

As we continue to grow into new markets around the world, there’s never been a more exciting time to join QinetiQ. The formula for success is our appetite for innovation and having the courage to take on a wide variety of complex challenges.


You’ll experience a unique working environment where teams from different backgrounds, disciplines and experience enjoy collaborating widely and openly as we undertake this exciting and rewarding journey. Through effective teamwork, and pulling together, you’ll get to experience what happens when we all share different perspectives, blend disciplines, and link technologies; constantly discovering new ways of solving complex problems in a diverse and inclusive environment where you can be authentic, feel valued and realise your full potential. Visit our website to read more about our diverse and inclusive workplace culture.


About QinetiQ

As a company of thousands of dedicated professionals, we are a world-centre of excellence in research and development and act as a catalyst for fast-track innovation, offering outstanding experimentation facilities, and technical, engineering and scientific expertise. QinetiQ is made up of dedicated experts in defence, aerospace, security and related markets, all working together to explore new ways of protecting what matters most. Being part of QinetiQ means being central to the safety and security of the world around us. Partnering with our customers, we help to save lives; reduce risks to society; and maintain the global infrastructure on which we all depend. Come and find out how you can play a role.