Apparently, the training (it's not a stand-alone course within the MOD yet) does exist , there is a tri-service unit who work very closely with the geeks at Cheltenham, but are more interested in the MOD servers. It is probably advanced specialism that leads to promotion to Sgt or above I don't expect it will be a phase 2 thing (If you're already serving) until after 2020 if ever, most of the talent in Pen goes straight to Chelt or the private sector. I say apparently because I have a relative who does work with said people, but has an annoyin habit of boring me and another serving all with his walt tales of the Chinese every Christmas. Am sure it's like everythin else in the Army, it should be cool as ****, but they find away to drain the fun out of it and make you wish you'd joined that Starbucks trainee manager scheme instead.......
If you live in Scotland maybe this is worth looking into: Ethical Hacking & Countermeasures | University of Abertay Dundee . You can apply for SASS funding as a Scot, if you're english/welsh/norn irish maybe consider killing the parents and re-mortgaging the house. If it looks like a pricey course that's because Dundee is leading the way in all things geek. I've heard it is an excellent course and you do all the current OS over the past 10 years, but to be honest for 21k I'd just buy myself some good second hand gear, a ticket to DEFCON 2013 in Las Vegas, and read like ****. All the best, and worst Pen's in the private sector started out in their bedrooms.
If you have decent A-levels or equivalent, or just talent, GCHQ run a yearly apprenticeship, they pay for you to go over to MIT for a few months as well as part of your study. Or try out the next National Cipher Challenge, I don't have the links at hand but am sure you can find it yourself.
While places like Abertay and Napier University offer specialised courses in the subject, the broader Computer Science degree programmes study the subject as one of their modules but in less depth and presumably less practical work. The question is whether you want to be a broadly educated geek that has done computer security work on their own time, or as a narrowly-educated geek who only does computer security.
Note that just because a University doesn't offer a taught undergraduate course in a subject, doesn't mean it isn't at the cutting edge of the technology involved...
If you took a google at combining the name of a big 4 consultancy firm with the phrase "Penetration Testing", you might take a peek at LinkedIn for the career profiles and qualifications of the civvy end of the market (first one I looked at had a law degree rather than an IT-related degree, in fact hadn't got a numerate qualification to his name); as I understand it, the civilian market will see you spend your career telling a numbnuts CIO or head of IT in small-to-medium-sized Company X that they should really consider insisting on non-default account / passwords, and keeping the PCs up to date with security patches.
You could even see what comes up when you search for "SANS SEC504" and "SANS SEC560".