Senior Vulnerability Researcher (UKTL)
| Posting date: | 16 June 2026 |
|---|---|
| Hours: | Full time |
| Closing date: | 16 July 2026 |
| Location: | Solihull, West Midlands |
| Remote working: | Hybrid - work remotely up to 3 days per week |
| Company: | National Physical Laboratory |
| Job type: | Permanent |
| Job reference: | UKTL |
Summary
What You’ll Be Doing
Step into a senior position at the forefront of telecom security research. In this role, you won’t just explore vulnerabilities—you’ll define how they are discovered, understood, and mitigated across complex telecom ecosystems.
You will lead high-impact research initiatives, guide technical direction, and mentor others while continuing to push the boundaries of your own expertise.
Lead Vulnerability Research – and take ownership of advanced vulnerability research across carrier-grade telecom systems. You’ll drive investigations into complex, real-world technologies, uncovering deep and previously unknown security weaknesses. Your work will directly influence the resilience of critical national infrastructure.
Set Technical Direction & Strategy - Shape the vision for vulnerability research within the organisation. Define priorities, methodologies, and tooling approaches, ensuring research efforts remain innovative, relevant, and impactful. You will provide technical leadership across multiple domains, guiding teams through ambiguous and complex problem spaces.
Innovate & Build at Scale -Design and develop advanced research tooling and environments. Whether creating bespoke fuzzers, software-defined radio solutions, or entirely new frameworks, you’ll enable large-scale experimentation and discovery. You’ll lead by example—prototyping, iterating, and pushing technical boundaries.
Mentor & Elevate the Team - Support and develop other researchers by sharing knowledge, reviewing work, and fostering a culture of curiosity and technical excellence. You’ll help build capability across the team, raising standards and accelerating collective impact.
Deepen Expertise & Drive Insight - Apply structured research methodologies to understand complex systems—how they behave, where they fail, and how they can be secured. You’ll connect insights across domains (hardware, software, and networks) to solve real-world security challenges.
Work, Build & Experiment in a World-Class Lab - Operate within a cutting-edge research environment where experimentation is encouraged. You’ll have the freedom to deconstruct systems, explore their limits, and rebuild them more securely—at scale. Alongside this, you’ll design and evolve the infrastructure that underpins advanced telecom security research.
Successful Applicants must be able to commute to the UKTL offices in Birmingham at least twice a week
We strive to offer a great work life balance - if you are looking for full time, part time or flexible options, we will try to make this work where business possible. This will be dependent on the kind of role you do and part of the business you work in.
About You
You are a highly experienced and deeply technical security researcher, driven by curiosity and a passion for understanding how complex systems work—and how they break. You thrive in ambiguity, lead with confidence, and have a track record of delivering meaningful research outcomes.
Your Skills & Experience
Proven experience leading or contributing to advanced vulnerability research initiatives across multiple roles or organisations
Strong expertise across telecom technologies such as 4G/5G, fibre broadband, and OpenRAN
Deep understanding of hardware and software development lifecycles, and how they introduce security risks
Practical knowledge of cryptographic systems, including encryption, authentication, and digital signatures
Solid grasp of data structures, distributed systems, virtualisation, and containerisation
Expert-level understanding of network protocols and software internals, from low-level assembly to high-level languages
Experience with embedded systems, OS internals, and hardware debugging techniques
Strong knowledge of Linux internals, with the ability to quickly adopt new programming languages
Demonstrated experience identifying and exploiting memory corruption vulnerabilities, including bypassing modern protections (ASLR, stack canaries, etc.)
Proficiency in reverse engineering, using tools such as IDA Pro, Ghidra, or equivalent
Skilled in using debugging tools (e.g., GDB) and advanced exploitation techniques
Experience building custom tools, research platforms, or test environments to support vulnerability discovery
Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert therefore we may at any time bring the closing date forward. We encourage all interested applicants to apply as soon as practical.
We actively recruit citizens from all backgrounds; however, due to the sensitive nature of the work in this area, nationality, residency, and security requirements are more tightly defined than in other roles. To work in this position, you will need to meet the necessary security standards. The role requires DV clearance with no restrictions, though you are able to start in post with SC clearance while your DV clearance is in progress. You are welcome to apply without already holding the required clearance, but you will not be able to start in post until the appropriate level—SC —has been successfully granted.
Step into a senior position at the forefront of telecom security research. In this role, you won’t just explore vulnerabilities—you’ll define how they are discovered, understood, and mitigated across complex telecom ecosystems.
You will lead high-impact research initiatives, guide technical direction, and mentor others while continuing to push the boundaries of your own expertise.
Lead Vulnerability Research – and take ownership of advanced vulnerability research across carrier-grade telecom systems. You’ll drive investigations into complex, real-world technologies, uncovering deep and previously unknown security weaknesses. Your work will directly influence the resilience of critical national infrastructure.
Set Technical Direction & Strategy - Shape the vision for vulnerability research within the organisation. Define priorities, methodologies, and tooling approaches, ensuring research efforts remain innovative, relevant, and impactful. You will provide technical leadership across multiple domains, guiding teams through ambiguous and complex problem spaces.
Innovate & Build at Scale -Design and develop advanced research tooling and environments. Whether creating bespoke fuzzers, software-defined radio solutions, or entirely new frameworks, you’ll enable large-scale experimentation and discovery. You’ll lead by example—prototyping, iterating, and pushing technical boundaries.
Mentor & Elevate the Team - Support and develop other researchers by sharing knowledge, reviewing work, and fostering a culture of curiosity and technical excellence. You’ll help build capability across the team, raising standards and accelerating collective impact.
Deepen Expertise & Drive Insight - Apply structured research methodologies to understand complex systems—how they behave, where they fail, and how they can be secured. You’ll connect insights across domains (hardware, software, and networks) to solve real-world security challenges.
Work, Build & Experiment in a World-Class Lab - Operate within a cutting-edge research environment where experimentation is encouraged. You’ll have the freedom to deconstruct systems, explore their limits, and rebuild them more securely—at scale. Alongside this, you’ll design and evolve the infrastructure that underpins advanced telecom security research.
Successful Applicants must be able to commute to the UKTL offices in Birmingham at least twice a week
We strive to offer a great work life balance - if you are looking for full time, part time or flexible options, we will try to make this work where business possible. This will be dependent on the kind of role you do and part of the business you work in.
About You
You are a highly experienced and deeply technical security researcher, driven by curiosity and a passion for understanding how complex systems work—and how they break. You thrive in ambiguity, lead with confidence, and have a track record of delivering meaningful research outcomes.
Your Skills & Experience
Proven experience leading or contributing to advanced vulnerability research initiatives across multiple roles or organisations
Strong expertise across telecom technologies such as 4G/5G, fibre broadband, and OpenRAN
Deep understanding of hardware and software development lifecycles, and how they introduce security risks
Practical knowledge of cryptographic systems, including encryption, authentication, and digital signatures
Solid grasp of data structures, distributed systems, virtualisation, and containerisation
Expert-level understanding of network protocols and software internals, from low-level assembly to high-level languages
Experience with embedded systems, OS internals, and hardware debugging techniques
Strong knowledge of Linux internals, with the ability to quickly adopt new programming languages
Demonstrated experience identifying and exploiting memory corruption vulnerabilities, including bypassing modern protections (ASLR, stack canaries, etc.)
Proficiency in reverse engineering, using tools such as IDA Pro, Ghidra, or equivalent
Skilled in using debugging tools (e.g., GDB) and advanced exploitation techniques
Experience building custom tools, research platforms, or test environments to support vulnerability discovery
Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert therefore we may at any time bring the closing date forward. We encourage all interested applicants to apply as soon as practical.
We actively recruit citizens from all backgrounds; however, due to the sensitive nature of the work in this area, nationality, residency, and security requirements are more tightly defined than in other roles. To work in this position, you will need to meet the necessary security standards. The role requires DV clearance with no restrictions, though you are able to start in post with SC clearance while your DV clearance is in progress. You are welcome to apply without already holding the required clearance, but you will not be able to start in post until the appropriate level—SC —has been successfully granted.
Proud member of the Disability Confident employer scheme
Disability Confident
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.