NCSC Vulnerability Research Team – Senior Vulnerability Researcher Ref. 1310

Mind Achieving Impact AwardSocial Mobility Foundation AwardThe Times Top 100Disability confident leaderThe Prince's Responsible Business

Operational and Surveillance
Cheltenham (located within an hour’s journey of Birmingham and Bristol)
£30,000 - £55,000
Our world-class vulnerability research team are tasked with finding vulnerabilities in some of the world's most complex software. Based in Cheltenham, we invest in training, development and infrastructure to give our researchers the time, space and expertise to find critical security vulnerabilities in some of the most widely deployed software used by UK government, industry and citizens. You’ll see credits for our vulnerabilities from many major software vendors. We also invest in improving the state of the art of vulnerability research, developing tools, techniques and tradecraft to keep us at the cutting edge of our field.


Our vulnerability researchers have the patience, deep technical skills and determination to find significant vulnerabilities in critical software, including mobile, desktop, browsers and embedded devices.


On the technical side you’ll have a really strong understanding of low level coding (assembly, C or C++) along with knowledge & practical experience of vulnerability research and exploitation techniques in modern operating systems and applications.


You’ll also have good team work abilities, both as a leader and a contributor and be able to clearly communicate complex technical information, you should have experience of analysing large and complex problems and deciding the most productive line of attack. Most importantly, you’ll demonstrate a willingness to learn and keep up with the latest developments in your field.


NCSC use a competency based assessment system, at the interview you’ll be asked questions about your technical skills and knowledge, along with the following competencies. The interview will focus on the competencies marked as essential.


Working with and leading others
Intermediate (Essential)
“Encourages and supports others. Provides a lead within the local area”

Managing the customer relationship
Intermediate (Desirable)
“Negotiates with customers to improve the service to them and to manage their expectations.”

Corporate Vision and Efficiency
Intermediate (Desirable)
“Understands and helps align the aims of own and related areas across the Department. Maximises the cost-effectiveness of area or team.”

Contribution to Delivery
Intermediate (Essential)
“Takes responsibility for an element of delivery against one or more business objectives, balancing priorities to achieve this”

Communication and Knowledge Sharing
Intermediate (Essential)
“Encourages and contributes to discussion. Is proactive in sharing information in own work-area”

Change and Innovation
Intermediate (Desirable)
“Generates creative ideas, and demonstrates sensitivity in implementing local change”

Analysis and Decision Making
Higher (Essential)
“Makes effective decisions and / or solves complex problems in uncertain situations, or where the impact is greater than in the immediate working area”


Lead in the delivery of vulnerability research tasks using a range of dynamic and static analysis techniques.

Develop proof-of-concept exploits and mitigations.

Develop your expertise in vulnerability research, using the best of commercial, open source and internally developed capabilities to find new and novel security issues.

Develop new tools and techniques for improving our vulnerability research capabilities.

Line manage, mentor and lead other researchers.


Candidates with relevant experience covered by a UK government security classification may request a classified interview.



The closing date for applications is 4th December 2017 however if we receive the amount of applications required we may close the vacancy early.

Applicants are encouraged to apply promptly to avoid disappointment. We reserve the right to close the advert early.

This Program / Vacancy is closed to applications.