Associate Vulnerability Researcher

UKTL is building leading-edge Telecoms testing facilities to keep our telecommunications networks safe, accelerate the roll-out of new technologies, and grow our world-leading telecoms sector to maintain resiliency and security.

Read more about UKTLhere!

Successful candidates will join a state-of-the-art facility and support the team conducting testing and research on the latest technologies and innovations in the industry. You will work alongside infrastructure and Cybersecurity professionals to ensure that the UK’s world-class Telecoms infrastructure grows in a resilient and secure manner, underpinning growth in other industry sectors.

As a trusted and independent national capability, UKTL interacts with standards bodies, academia, government departments, communications service providers, and equipment vendors.

Successful applicants must be able to commute to the UKTL offices in Birmingham, with the possibility of hybrid working.

We strive to offer a great work-life balance. If you are looking for full-time, part-time, or flexible options, we will try to accommodate this where feasible. This depends on the role and the part of the business you work in.

Key requirements include:

1. An interest and aptitude for vulnerability research, either professionally or demonstrated through aptitude.
2. A passion for understanding how systems work, testing them, pushing their limits, and identifying security issues.
3. An appreciation of hardware and software development lifecycles and their impact on security practices.
4. Knowledge of cryptographic algorithms (encryption, authentication, signatures, etc.).
5. Understanding of data structures, distributed systems, virtualization, and containerization technologies.
6. Familiarity with network protocols and software operation, including assembly or interpreted languages.
7. Interest or experience in vulnerabilities such as memory corruption bugs and techniques attackers use to bypass protections (e.g., NX, stack canaries, ASLR).
8. Experience with embedded systems, operating systems, and hardware techniques for prototyping and debugging.
9. Knowledge of Linux OS internals.
10. Ability to self-learn programming languages with appropriate resources.
11. Practical knowledge of white-hat exploitation tools and techniques for low-level software and web platforms (e.g., SQL injection, XSS, CSRF, RCE).
12. Reverse engineering experience with tools like IDA Pro or Ghidra.

Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert. Therefore, the closing date may be brought forward. We encourage interested applicants to apply promptly.

We actively recruit individuals of all backgrounds. However, due to the nature of our work, nationality, residency, and security requirements are more tightly defined. To qualify, you must have a DV clearance with no restrictions or the ability to obtain one.