Senior Vulnerability Researcher
| Posting date: | 04 April 2024 |
|---|---|
| Hours: | Full time |
| Closing date: | 04 May 2024 |
| Location: | Solihull, West Midlands |
| Company: | National Physical Laboratory |
| Job type: | Permanent |
| Job reference: | UKTL09 |
Summary
About the Role
Successful candidates will have a unique experience working on or supporting the latest ground-breaking cyber security and networking technologies on a national and international scale. This opportunity will allow those involved to have first-hand exposure to the latest technologies via the research and development that we are undertaking to secure our telecommunications networks, in order to keep the UK the safest place to live and do business online.
This role will be part of a small team of Vulnerability Researchers, tackling some of the most interesting cyber problems with a meaningful and tangible impact on the national security of the UK. You will be instrumental in standing up an industry-leading security facility.
This role will therefore require a focus on consistent learning and development of both self and the team. The role will have the opportunity to develop and encourage a wider network of VR specialists across the telecoms industry to support wider knowledge sharing and skills development.
Successful Applicants must be able to commute to the UKTL offices in Birmingham at least twice a week
We strive to offer a great work life balance - if you are looking for full time, part time or flexible options, we will try to make this work where business possible. This will be dependent on the kind of role you do and part of the business you work in.
About You
Experience in multiple VR roles and/or organisations.
An interest and aptitude for vulnerability research (either from a professional background or by demonstrating an aptitude).
A passion for understanding how things work, testing them, pushing them to their limits, and finding security issues in them.
A deep understanding of hardware and software development lifecycles and their impact on security practices.
Applied knowledge of cryptographic algorithms and their uses (encryption, authentication, signatures, etc).
Knowledge of data structures, distributed systems, virtualisation and containerisation technologies.
A deep understanding of network protocols and how software works from assembly through to interpreted languages, and everything in between.
Experience of leveraging vulnerabilities such as memory corruption bugs (stack/heap/integer overflows, format strings), and techniques to bypass common security protections (e.g. NX, stack canaries, heap protection, ASLR, etc.)
Knowledge and experience of embedded systems and operating systems, and hardware techniques for prototyping and debugging these.
Knowledge of Linux OS internals. Ability to self-learn any language, given appropriate resources to study and practice.
Practical knowledge of common white-hat exploitation toolsets and techniques for common flaws in low-level software, as well as web platforms (e.g. SQL injection, XSS, CSRF, SSRF, upload/download abuse, RCE).
Reverse engineering experience (e.g. IDA Pro, Ghidra).
Experience using debuggers such as GDB.
We actively recruit citizens of all backgrounds, but the nature of our work in this specific area means that nationality, residency and security requirements are more tightly defined than others. To work in this role, you will need to have an SC clearance with no restrictions, or you must have the ability to obtain an SC clearance.
Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert therefore we may at any time bring the closing date forward. We encourage all interested applicants to apply as soon as practical.
About Us
UK. Telecommunication Laboratory (UKTL)
Led by the Department for Science, Innovation and Technology, the UK Telecoms Lab (UKTL), announced in October 2022, will give the UK the cutting-edge technology to keep our telecommunications networks safe, accelerate the roll-out of 5G,and grow our brilliant telecoms sector by bringing in new entrants to diversify the supply chain market.
Read more about the UKTL here!
The National Physical Laboratory (NPL) is a world-leading centre of excellence that provides cutting-edge measurement science, engineering and technology to underpin prosperity and quality of life in the UK.
NPL and DSIT have strong commitments to diversity and equality of opportunity, and welcome applications from candidates irrespective of their background, gender, race, sexual orientation, religion, or age, providing they meet the required criteria. Applications from women, disabled and black, Asian and minority ethnic candidates in particular are encouraged. All disabled candidates (as defined by the Equality Act 2010) who satisfy the minimum criteria for the role will be guaranteed an interview under the Disability Confident Scheme.
At NPL, we believe our success is a result of the diversity and talent of our people. We strive to nurture and respect individuals to ensure everyone feels valued by treating everyone on the basis of their own individual merits and abilities regardless of their own or perceived identity, as part of our commitment to diversity & inclusion, we hold memberships and accreditations to ensure we’re creating an environment where all our colleagues feel supported and welcome, please see our Diversity & Inclusion page.
To ensure everyone has an equal chance, we’re always willing to make reasonable adjustments to the recruitment process. If you would like to discuss, please contact us.
Successful candidates will have a unique experience working on or supporting the latest ground-breaking cyber security and networking technologies on a national and international scale. This opportunity will allow those involved to have first-hand exposure to the latest technologies via the research and development that we are undertaking to secure our telecommunications networks, in order to keep the UK the safest place to live and do business online.
This role will be part of a small team of Vulnerability Researchers, tackling some of the most interesting cyber problems with a meaningful and tangible impact on the national security of the UK. You will be instrumental in standing up an industry-leading security facility.
This role will therefore require a focus on consistent learning and development of both self and the team. The role will have the opportunity to develop and encourage a wider network of VR specialists across the telecoms industry to support wider knowledge sharing and skills development.
Successful Applicants must be able to commute to the UKTL offices in Birmingham at least twice a week
We strive to offer a great work life balance - if you are looking for full time, part time or flexible options, we will try to make this work where business possible. This will be dependent on the kind of role you do and part of the business you work in.
About You
Experience in multiple VR roles and/or organisations.
An interest and aptitude for vulnerability research (either from a professional background or by demonstrating an aptitude).
A passion for understanding how things work, testing them, pushing them to their limits, and finding security issues in them.
A deep understanding of hardware and software development lifecycles and their impact on security practices.
Applied knowledge of cryptographic algorithms and their uses (encryption, authentication, signatures, etc).
Knowledge of data structures, distributed systems, virtualisation and containerisation technologies.
A deep understanding of network protocols and how software works from assembly through to interpreted languages, and everything in between.
Experience of leveraging vulnerabilities such as memory corruption bugs (stack/heap/integer overflows, format strings), and techniques to bypass common security protections (e.g. NX, stack canaries, heap protection, ASLR, etc.)
Knowledge and experience of embedded systems and operating systems, and hardware techniques for prototyping and debugging these.
Knowledge of Linux OS internals. Ability to self-learn any language, given appropriate resources to study and practice.
Practical knowledge of common white-hat exploitation toolsets and techniques for common flaws in low-level software, as well as web platforms (e.g. SQL injection, XSS, CSRF, SSRF, upload/download abuse, RCE).
Reverse engineering experience (e.g. IDA Pro, Ghidra).
Experience using debuggers such as GDB.
We actively recruit citizens of all backgrounds, but the nature of our work in this specific area means that nationality, residency and security requirements are more tightly defined than others. To work in this role, you will need to have an SC clearance with no restrictions, or you must have the ability to obtain an SC clearance.
Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert therefore we may at any time bring the closing date forward. We encourage all interested applicants to apply as soon as practical.
About Us
UK. Telecommunication Laboratory (UKTL)
Led by the Department for Science, Innovation and Technology, the UK Telecoms Lab (UKTL), announced in October 2022, will give the UK the cutting-edge technology to keep our telecommunications networks safe, accelerate the roll-out of 5G,and grow our brilliant telecoms sector by bringing in new entrants to diversify the supply chain market.
Read more about the UKTL here!
The National Physical Laboratory (NPL) is a world-leading centre of excellence that provides cutting-edge measurement science, engineering and technology to underpin prosperity and quality of life in the UK.
NPL and DSIT have strong commitments to diversity and equality of opportunity, and welcome applications from candidates irrespective of their background, gender, race, sexual orientation, religion, or age, providing they meet the required criteria. Applications from women, disabled and black, Asian and minority ethnic candidates in particular are encouraged. All disabled candidates (as defined by the Equality Act 2010) who satisfy the minimum criteria for the role will be guaranteed an interview under the Disability Confident Scheme.
At NPL, we believe our success is a result of the diversity and talent of our people. We strive to nurture and respect individuals to ensure everyone feels valued by treating everyone on the basis of their own individual merits and abilities regardless of their own or perceived identity, as part of our commitment to diversity & inclusion, we hold memberships and accreditations to ensure we’re creating an environment where all our colleagues feel supported and welcome, please see our Diversity & Inclusion page.
To ensure everyone has an equal chance, we’re always willing to make reasonable adjustments to the recruitment process. If you would like to discuss, please contact us.
Proud member of the Disability Confident employer scheme
Disability Confident
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.