Offensive Security and Threat Intelligence Specialist

Salary and Contract Salary: £45,272 to £56,844 per annum (dependent on skills and experience)

Band: UKRI Band E

Contract Type: Open Ended - Permanent (Compressed hours & flexible working patterns available)

Hours: Full-time (flexible working available)

Location: Keyworth, Nottingham or Polaris House, Swindon - Hybrid working available

Closing Date: Sunday 4th January 2026

Role Overview Step into the world where modern science meets robust information security. Protect the technology that powers groundbreaking discoveries and be part of the team that safeguards the future of Big Science. Here, you'll collaborate with leading engineers, researchers, and technologists to address the most pressing security challenges in a fast-paced, innovative environment. Every day offers you the chance to defend vital data and systems, ensuring that the pursuit of scientific excellence continues securely and seamlessly.

Discover the difference you can make when you bring your expertise in information security to an organisation at the forefront of global research - working alongside some of the brightest minds and most sophisticated facilities in the world.

Security As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process. Please indicate eligibility in the written submission. Candidates not meeting this level of clearance will not be considered. To qualify, applicants must have spent at least three of the last five years in the UK, with the two most recent years being consecutive and directly before submitting their application.

The level of clearance required is security check.

About the role The UKRI CIO Group plays a pivotal role in leading and optimising the organisations critical enterprise technical services that underpin and enable UKRI's business capabilities. Within the group a team of Information Security Experts support the delivery of modern, secure, resilient and scalable services across a larger federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system.

Join us for this rare opportunity to apply your experience in offensive security and threat intelligence in a dynamic, fast-paced security operational and strategic role in an organisation at the heart of research and innovation in the UK. Leading the Red Team of penetration testers your broad remit is to identify real-world risks to diverse technical landscapes, uncovering security vulnerabilities, actively exploiting findings, assessing additional impacts through post-exploitation, and providing proactive advice to teams on the most effective remediation strategies. The role encompasses the full scope and delivery of penetration testing, including closed-box network assessments, insider threat evaluations, credentialed application exploitation, thorough testing of human and physical security controls across the UKRI estate. In addition to these offensive security responsibilities, the specialist leads the external penetration testing call off contract to ensure that UKRI receives high quality, tailored assessments both internally and externally, supporting a continuous programme of security improvement.

Responsibilities

• Implement targeted penetration tests and red team exercises to identify exploitable vulnerabilities.
• Develop and maintain offensive tooling to simulate adversary tactics and techniques.
• Monitor and analyse threat intelligence feeds to identify emerging threats and relevant TTPs.
• Produce technical threat reports and briefings to inform security posture and decision making.
• Conduct proactive threat hunting based on intelligence led hypotheses and anomaly detection.
• Support risk assessments with insights from offensive operations and threat landscape analysis.

Personal Specification Essential

• Degree in a related subject or relevant comparable education. (S)
• Have two or more professional qualifications. These include: (S)
• CREST Registered Penetration Tester (CRT) (S)
• Offensive Security Certified Professional (OSCP) (S)
• Certified Ethical Hacker (CEH) Certification (S)
• GIAC Penetration Tester (GPEN) Certification (S)
• Company certification schemes from major vendors and equipment providers like Microsoft (MCP, MCSE) or Cisco (CCNA Security). (S)
• CPSA, CREST Practitioner Security Analyst (or above) (S)
• CISMP and/or CISSP (S)
• CompTIA Security+ (S)
• Extensive professional and practical experience in penetration testing. (S&I)
• Comprehensive technical expertise in mixed technology environments, covering various operating systems, core computer fundamentals, networking, authentication, and cloud platforms like AWS and Azure. (S&I)
• Proficient with open source penetration testing and assessment tools such as Metasploit, Burp Suite, Nmap, and solid understanding of networking configurations and products. (S&I)
• Ability to quickly adapt to emerging technologies, vulnerabilities, and new penetration testing tools. (S&I)
• Skilled in drafting detailed reports that summarize system analysis findings and provide actionable recommendations, demonstrating good communication skills for technical and non technical audiences. (I)
• Creative and strategic problem solver with in depth knowledge of security issues, including system hardening, management, and ethical penetration of security systems. (I)

Desirable: (optional)

• ITIL Foundation. (S&I)
• Ideally Cyber Security Related Status (CHECK CTM, or CTL). (S&I)
• Demonstratable success in (security) service contracting and supplier management. (S&I)
• Proficient in forensic and security analysis using tools such as Wireshark, Fiddler, EnCase, Sleuthkit, and MITM proxies (e.g., Burp Suite Pro, SQLMap). (S&I)
• Strong expertise in web application security assessment-particularly REST APIs, XML/JSON formats, OWASP Top 10 vulnerabilities-and Open Source Intelligence (OSINT) gathering techniques. (S&I)
• Advanced skills in programming and scripting languages (e.g., Perl, Python, PowerShell, C++, PHP, HTML), malware analysis, reverse engineering, and automation in bug bounty platforms. (S&I)
• Experienced in virtualization technologies, exploitation of enterprise infrastructure vulnerabilities, and active participation in industry conferences and groups (e.g., OWASP, DEF CON, BlackHat, BSides). (S&I)

Application Guidance How to evidence the criteria:

You are encouraged to use the STAR method (Situation, Task, Action, Result) in the cover letter to evidence your ability to meet the 'person specification' criteria in the job description. Cover letters should be no more than two sides of A4 (minimum font size 11). For examples of the STAR method, please visit The STAR method National Careers Service.

Behaviours

• Leading a quality service.
• Changing and improving.
• Delivering at pace.
• Seeing the Big Picture.

Selection Process Details We know different organisations use different processes, so we wanted you to know what to expect from us.

Stage 0 - Pre application If you would like to find out more about the role we encourage prospective applicants to get in touch with us to discuss the opportunity.

Stage 1 - Written Submission Candidates will need to submit a written application which consists of 2 parts:

• A CV - this should contain your work experience and any skills, qualifications and accomplishments relevant to the jobs you have completed based on the shortlisting criteria.
• A personal statement (max. 1000 words) - this statement should be used to provide examples of how you meet the essential criteria listed in the shortlisting criteria.

Applications will be reviewed for suitability and shortlisted. Please note, we will not progress applications that do not provide a CV & Personal Statement.

Stage 2 - Interview Applicants who are successful at stage 1 will be invited to interview. The interview will generally be 1 hour in length. The interview will consist of competency based questions. A presentation will be required.

Stage 3 - Outcome The panel outcome is decided and the successful candidate will be offered verbally first, followed by a formal offer letter.

Benefits We recognise and value our employees as individuals and aim to provide a favourable pay and rewards package. We are committed to supporting employees' development and promote a culture of continuous learning!

A list of benefits below:

• An excellent defined benefit pension scheme.
• 30 days' annual leave in addition to 10.5 public and privilege days. (full time equivalent)
• Employee discounts and offers on retail and leisure activities.
• Employee assistance programme, providing confidential help and advice.
• Flexible working options.

Plus many more benefits and wellbeing initiatives that enable our employees to have a great work life balance!

Further information on benefits Benefits of working at UK Research and Innovation (UKRI)

How to apply Please apply online. If you experience any issue applying, please contact .

Sponsorship Please note, if you will require sponsorship to work in the UK, as part of your sponsorship application, you and any dependants travelling with you . click apply for full job details