Offensive Security & Threat Intelligence Specialist

Salary: £45,272 to £56,844 Per Annum (Dependent on Skills & Experience)

Hours: Full Time (Flexible Working)

Contract Type: Open Ended (Compressed Hours & Flexible Working Available)

Location: Keyworth, Nottingham or Polaris House, Swindon (Hybrid Working)

Band: UKRI Band E

Closing Date: Sunday 26 October 2025

Job Overview:

The UKRI CIO Group plays a pivotal role in managing and optimising the organisations critical enterprise technical services that underpin and enable UKRI's business capabilities. Within the group a team of Information Security Professionals support the delivery of modern, secure, resilient and scalable services across a larger federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system.

Join us for this rare opportunity to apply your experience in offensive security and threat intelligence in a dynamic, fast-paced security operational and strategic role in an organisation at the heart of research and innovation in the UK. Leading the Red Team of penetration testers your broad remit is to identify real-world risks to diverse technical landscapes, uncovering security vulnerabilities, actively exploiting findings, assessing additional impacts through post-exploitation, and providing proactive advice to teams on the most effective remediation strategies. The role encompasses the full scope and delivery of penetration testing, including Black Box network assessments, insider threat evaluations, credentialed application exploitation, and rigorous testing of human and physical security controls across the UKRI estate. In addition to these offensive security responsibilities, the specialist manages the external penetration testing call-off contract to ensure that UKRI receives high-quality, tailored assessments both internally and externally, supporting a continuous programme of security improvement.

Security:

As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process.?Please indicate eligibility in the written submission. Candidates not meeting this level of clearance will not be considered.

The level of clearance required is security check

Key Responsibilities:

• Execute targeted penetration tests and red team exercises to identify exploitable vulnerabilities.
• Develop and maintain offensive tooling to simulate adversary tactics and techniques.
• Monitor and analyse threat intelligence feeds to identify emerging threats and relevant TTPs.
• Produce technical threat reports and briefings to inform security posture and decision-making.
• Conduct proactive threat hunting based on intelligence-led hypotheses and anomaly detection.
• Support risk assessments with insights from offensive operations and threat landscape analysis.

Personal Specification:

The below criteria will be scored during Shortlisting (S), Interview (I) or both (S&I).

Essential

• Degree in a related subject or relevant comparable education.
• Have two or more professional qualifications. These include:
• Crest Registered Penetration Tester (CRT)
• Offensive Security Certified Professional (OSCP)
• Certified Ethical Hacker (CEH) Certification
• GIAC Penetration Tester (GPEN) Certification
• Company certification schemes from major vendors and equipment providers like Microsoft (MCP, MCSE) or Cisco (CCNA Security).
• CPSA - Crest Practitioner Security Analyst (or above)
• CISMP and/or CISSP
• CompTIA Security+
• Extensive professional and practical experience in penetration testing. (S&I)
• Comprehensive technical expertise in mixed-technology environments, covering multiple operating systems, core computer fundamentals, networking, authentication, and cloud platforms like AWS and Azure. (S&I)
• Proficient with open-source penetration testing and assessment tools such as Metasploit, Burp Suite, Nmap, and strong understanding of networking configurations and products. (S&I)
• Ability to quickly adapt to emerging technologies, vulnerabilities, and new penetration testing tools. (S&I)
• Skilled in drafting detailed reports that summarize system analysis findings and provide actionable recommendations, demonstrating strong communication skills for technical and non-technical audiences. (I)
• Creative and strategic problem-solver with a solid understanding of security issues, including system hardening, management, and ethical penetration of security systems. (I)

Benefits:

We recognise and value our employees as individuals and aim to provide a favourable pay and rewards package. We are committed to supporting employees' development and promote a culture of continuous learning!

A list of benefits below:

• An outstanding defined benefit pension scheme
• 30 days' annual leave in addition to 10.5 public and privilege days (full time equivalent)
• Employee discounts and offers on retail and leisure activities
• Employee assistance programme, providing confidential help and advice
• Flexible working options

Plus many more benefits and wellbeing initiatives that enable our employees to have a great work life balance! For further information on our benefits please see: Benefits of working at UK Research and Innovation (UKRI)

Other Important Information:

UKRI is an Equal Opportunity & Disability Confident Employer.

Please apply online, if you experience any issue applying, please contact (see below)

How to Apply:

Applicants are required to provide an up-to-date CV and a cover letter outlining their suitability for the role. Further information on how to apply and the selection process is listed on our careers page.

The closing date for applications is Sunday 26 October 2025