Associate Security Consultant

Cheltenham office-based during probation then hybrid.

At NCC Group, our incredible Technical Assurance division is looking for Associate Security Consultants to embark on a journey of growth and development. Kicking off on 19th of January 2026, you will be based in our Cheltenham office where you will work with and learn from some of the best minds in the industry.

This opportunity is available to candidates from various backgrounds and specialisms whether you are changing careers or looking to move into another area of Cyber Security. Our industry‑renowned and awarded training program will teach you to perform web application security assessment, network and infrastructure testing, applied research, consultancy skills and more.

You will propel your career and be on the fast track to becoming a full‑fledged Penetration Tester (aka Security Consultant). The wealth of experience and knowledge available to learn from is invaluable and can often lead to you finding interests in cyber security that you didn’t know you had.

• You’ll spend your first 6 months in our Cheltenham office engaging in structured learning, a mix of guided classroom sessions, 1:1 mentoring and self‑paced modules.
• You’ll be paired with experienced consultants who guide your technical development and help you build consultancy soft skills from client communication to report writing.
• You’ll work through real‑world scenarios using tools like Burp Suite, Kali Linux and custom NCC Group platforms. Expect to learn manual testing techniques alongside automated approaches.
• You’ll observe live client engagements, gaining exposure to different industries, threat models and testing methodologies.
• Midway through the programme you’ll deliver a graduation project; this could be a research piece, a custom tool or a deep‑dive into a specific technique.
• Once trained you’ll begin contributing to billable client work supported by your mentor and line manager. You’ll start with scoped tasks and gradually take on full engagements.
• Regular check‑ins and performance reviews throughout will ensure you’re progressing technically and professionally with clear milestones and support.

• Deliver a graduation project that demonstrates technical depth and presentation skills.
• On successful completion of the training you will sit an industry‑wide qualification (such as CRT or CSTM) before commencing billable client‑facing work.
• After gaining CRT or CSTM you will apply to NCSC for CHECK Team Member accreditation.
• Transition into client‑facing delivery work with confidence and credibility.
• Build a strong foundation in penetration testing and consultancy ready to specialise or broaden into other areas of cyber security.

• Has a good level of English command both written and spoken.
• Asks smart questions, loves solving problems and showing initiative.
• Communicates clearly with clients and colleagues.
• Demonstrates curiosity and drive to learn continuously.

You’ll bring genuine passion for cyber security and ideally you will have some degree of experience or exposure in at least 3 of the following:

• Pen testing web dev frameworks (React, Flask, etc.)
• Networking (TCP/IP routing/switching)
• Cryptography (applied PQC symmetric & asymmetric)
• OS internals (Windows, Linux, MacOS)
• Hardware testing including embedded systems, firmware analysis or physical device security
• Programming (Python, Java, C#, etc.)
• Cloud platforms (AWS, Azure, GCP)
• Security tools (Burp Suite, etc.)
• Ethical hacking platforms (Hack the Box, Catch the Flag, Try Hack Me, vulnhub, Immersive Labs, etc.).

At NCC Group our mission is to create a more secure digital future. That mission underpins everything we do from our work with our incredible clients to groundbreaking research shaping our industry. Our teams partner with clients across a multitude of industries delving into securing new products and emerging technologies as well as solving complex security problems.

As global leaders in cyber and escrow, NCC Group is a people‑powered business seeking the next group of brilliant minds to join our ranks. We’re committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity and accountability. We offer a comprehensive benefits package, opportunities for learning and development and career growth.

We have a high‑performance culture balanced with world‑class well‑being initiatives and benefits:

• Financial & Investment: Pension, Life Assurance, Share Save Scheme
• Maternity & Paternity leave
• Community & Volunteering programmes
• Employee Referral Program
• Lifestyle & Wellness
• Learning & Development

If this sounds like the right opportunity for you we’d love to hear from you! Applications close on the 23rd of November.

We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days please don’t be too disappointed; we may keep your CV on our database for future vacancies and encourage you to keep an eye on our career opportunities.

If you do not want us to retain your details please email. All personal data is held in accordance with the are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process please tell us at any stage.

Please note: This role involves mandatory pre‑employment background checks due to the nature of the work NCC Group does. To apply you must be willing and able to undergo the vetting process. This role will be subject to BS7858 screening as a mandatory requirement.

This role may involve work on government‑related projects requiring security clearance. As such applicants must:

• Have unrestricted and permanent right to work in the UK (e.g. British or Irish citizen or settled/pre‑settled status under the EU Settlement Scheme).
• Have been continuously resident in the UK for the past five years to meet the baseline criteria for Security Check (SC) clearance.

While not all projects require clearance, the nature of the work means we can only consider candidates who meet these criteria. Unfortunately we are unable to offer visa sponsorship for this role.

IC

• ISO 27001
• B2B Sales
• SafeNet
• IDS
• Risk Management
• PCI
• NIST Standards
• Salt
• Information Security
• Customer relationship management
• Encryption
• FISMA

Employment Type : Full‑Time

Experience : years

Vacancy : 1

Security Consultant • Cheltenham, England, UK