Location: Hybrid, with a minimum of 20% in the Oxford office per month
About Us
We’re Nominet – a world‑leading domain name registry operating at the heart of the UK internet. While we're best known for running .UK domains, our DNS expertise also underpins critical internet infrastructure that government services, including the NHS, rely on.
As a public benefit company, our work has a positive impact on society. We’ve donated millions to projects that use technology to improve people’s lives and have committed to delivering £60m worth of support over the next three years.
The Role
The Domain Abuse Operational Analyst plays a vital role in Nominet’s mission to make .UK the safest country code top‑level domain (ccTLD) in the world. This role is focused on the day‑to‑day operational management of domain abuse reports, supporting investigations, and helping to ensure timely and effective mitigation of malicious activity.
As a key member of the Domain Abuse team, you will be responsible for triaging abuse reports, conducting investigations, and supporting the continuous improvement of detection and response processes. Your work will directly contribute to the health and integrity of the .UK registry and help protect users from online harm.
This is an ideal opportunity for someone with a strong interest in cyber threat operations and a desire to build hands‑on experience and develop their skills further.
What You’ll Be Doing
Investigating domain abuse reports using internal tools and open‑source intelligence (OSINT), escalating complex cases when needed
Supporting operational workflows and identifying ways to improve our tools, processes and automation
Assisting in the development and refinement of detection rules and identifying patterns in malicious activity
Liaising with registrars and other external stakeholders to help resolve abuse cases
Collaborating with internal teams (Security, Policy, Legal etc.) to support a coordinated abuse strategy
Maintaining accurate records and contributing to reporting, knowledge sharing and continuous improvement
About You
Working knowledge of common cyber threats (phishing, malware distribution, domain hijacking, and fraud)
Experience with ticketing and documentation systems to correctly record evidence, actions, and decisions.
Curious and analytical mindset with a strong interest in cyber threats and online safety
Understanding of using tools like WHOIS/RDAP and open‑source intelligence platforms
Strong communicator with the ability to summarise investigations clearly and accurately
Comfortable following standard operating procedures and suggesting improvements
Nice to have
Awareness of cyber threat intelligence (CTI) and its application in operational environments
Initial understanding and appreciation of regulatory considerations affecting domain abuse (for example, GDPR) and legal requirements around online safety
Understanding of DNS and domain infrastructure, and experience with relevant tools such as WHOIS/RDAP, passive DNS, among others.
Basic scripting or data analysis skills to support investigation or automation
Experience working with registrars, ISPs, or within DNS environments
What We Offer
Hybrid & Flexible Working
Early Finish Friday – Working week of 34 hours with full‑time pay. (Finish at midday on Friday)
30 days of annual leave plus bank holidays, with the ability to purchase an additional 5 days.
Private Medical Insurance + Employee Assistance Programme
Pension Scheme (Matched to 7%)
Annual Bonus Scheme
Family Leave (Enhanced)
Electric vehicle scheme with on‑site charging points
Rewards platform with access to discounts at hundreds of shops, restaurants etc.
Flexible Benefits
Diversity Statement
We're passionate about creating a workplace where every individual is valued, respected, and empowered. Somewhere we can benefit from all forms of diversity and discover the true value in our differences. If there are any adjustments we could make to the recruitment and selection process to support you, please let us know
Security Statement
Nominet is committed to the safeguarding and welfare of the internet and expects all employees and volunteers to share this commitment by participating in the relevant security and screening processes. All roles working for Nominet will be subject to a Baseline Personnel Security Standard (BPSS) check. Some roles due to the nature of their work, will require additional security clearance.
#J-18808-Ljbffr