Vulnerability Research (VR) Security Analyst

Vulnerability Research (VR) Security Analyst

National Physical Laboratory | Birmingham, West Midlands, B1, GB
Job Type: Full Time

Posted 10 days ago

Apply Now


U.K. Telecommunication Laboratory (UKTL)

If you are interested in applying for this job, please make sure you meet the following requirements as listed below.
Led by the Department for Digital, Culture, Media & Sport, the UK Telecoms Lab (UKTL), announced in October 2022, will give the UK the cutting-edge technology to keep our telecommunications networks safe, accelerate the roll-out of 5G, and grow our brilliant telecoms sector by bringing in new entrants to diversify the supply chain market.
Successful candidates will have a unique experience working on or supporting the latest ground-breaking cyber security and networking technologies on a national and international scale. This opportunity will allow those involved to have first-hand exposure to the latest technologies via the research and development that we are undertaking to secure our telecommunications networks, in order to keep the UK the safest place to live and do business online.
As a trusted and independent national capability, the UKTL will interact at the intersection of standards bodies, such as 3GPP, the National Cyber Security Centre and the wider UK intelligence community, academia, Ofcom, as well as Communications Service Providers and telecommunication equipment vendors.
This role will be part of a small team of Vulnerability Research (VR) Security Analysts, tackling some of the most interesting cyber problems with a meaningful and tangible impact on the national security of the UK. You will be instrumental in standing up an industry-leading security facility.
The focus of the VR Security Analyst will be to conduct in-depth VR activities, explore boundaries of technology and its development, test hypotheses, and conduct deep dives into the vulnerabilities of telecoms equipment. You will also develop bespoke leading-edge security testing tools to support these activities.
We strive to offer a great work life balance - if you are looking for full time, part time or flexible options, we will try to make this work where business possible. This will be dependent on the kind of role you do and part of the business you work in.
Examples of technical skills, knowledge, and experience, including:
An interest and aptitude for vulnerability research (either from a professional background or by demonstrating an aptitude).
A passion for understanding how things work, testing them, pushing them to their limits, and finding security issues in them.
Understanding of hardware and software development lifecycles and their impact on security practices.
Applied knowledge of cryptographic algorithms / standards and knowledge of data structures and distributed systems.
Understanding of network protocols and how software works from assembly through to interpreted languages, and everything in between.
Familiarity with vulnerabilities such as memory corruption bugs (stack/heap/integer overflows, format strings), and techniques attackers can use to bypass common security protections (e.g. NX, stack canaries, heap protection, ASLR, etc.)
Knowledge and experience of embedded systems and operating systems, and hardware techniques for prototyping and debugging these.
Knowledge of Linux OS internals. Ability to self-learn any language, given appropriate resources to study and practice.
Practical knowledge of common white-hat exploitation toolsets and techniques for common flaws in low-level software, as well as web platforms (e.g. SQL injection, XSS, CSRF, SSRF, upload/download abuse, RCE).
Reverse engineering experience (e.g. IDA Pro, Ghidra).
We actively recruit citizens of all backgrounds, but the nature of our work in this specific area means that nationality, residency and security requirements are more tightly defined than others. To work in this role, you will need to have an SC clearance with no restrictions, or you must have the ability to obtain an SC clearance.
NPL and BEIS have strong commitments to diversity and equality of opportunity, and welcome applications from candidates irrespective of their background, gender, race, sexual orientation, religion, or age, providing they meet the required criteria. Applications from women, disabled, black, Asian and minority ethnic candidates in particular are encouraged. All disabled candidates (as defined by the Equality Act 2010) who satisfy the minimum criteria for the role will be guaranteed an interview under the Disability Confident Scheme.
We’re transforming. As a national laboratory, we’re exploring even more commercial routes to market and that’s presenting us with greater opportunity – for you and us. Our success relies on the diversity and talent of our people, we strive to nurture and respect individuals to ensure everyone feels valued and supported to excel in their chosen field. This value is at the core of our organisation.
We believe in a culture of fairness by treating everyone on the basis of their own individual merits and abilities regardless of their own or perceived identity, background or any other factor irrelevant to a person’s work. At NPL we are committed to the health and well-being of our employees. Flexible working and social activities are embedded in our culture to create a positive work-life balance, along with a broad range of benefits. NPL’s values are at the heart of what we do and they shape the way we interact, develop our people and celebrate success.
As part of our commitment to diversity & inclusion, we signed up to the Institute of Physics' Project Juno in 2015 as a Juno Supporter. NPL were proud to be awarded Juno Practitioner status in 2018. NPL also joined Stonewall as a Diversity champion in 2015, participating in their annual Workplace Equality Index for the equality of LGBT+ community at NPL. In 2018, NPL became a member of the Business Disability Forum and joined the disability confident scheme as level 1 committed employer.
To ensure everyone has an equal chance, we’re always willing to make reasonable adjustments to the recruitment process. If you would like to discuss, please contact us.