Vulnerability Researcher
Job Title: Vulnerability Researcher
Location: United Kingdom
Employment: Full-Time
Start Date: ASAP
Clearance: DV/eDV
Job Summary:
Our Defence Cyber Research Group (CRG) is seeking a technically proficient and analytically minded Vulnerability Researcher with experience in hardware analysis to support advanced research and development activities.
As Vulnerability Researcher, you will conduct in-depth technical investigations, develop prototypes, and contribute to the discovery and analysis of emerging threats and vulnerabilities.
You must be eligible for or already hold eDV clearance.
Key Responsibilities:
* Hardware teardowns, characterisations and reverse engineering.
* Extract and recover data from flash memory including NAND, eMMC and SPI.
* Conduct side channel attacks such as timing attacks, voltage glitching and power analysis.
* Design and implement hardware/software rapid prototypes to explore novel cyber capabilities and concepts.
* Analyse network protocols and system behaviours to identify potential security weaknesses.
* Collaborate with multidisciplinary teams to deliver technical solutions and research outcomes.
* Document findings and methodologies in a clear and structured manner for internal and external stakeholders.
Essential Skills and Experience:
* Hardware development and prototyping, including PCB design and microcontroller programming.
* Experience extracting data from flash storage ICs.
* Familiarity with logic analysers and oscilloscopes.
* Advanced soldering and desoldering experience.
* Basic understanding of side channel attack techniques (experience not required).
* Proficiency in at least one programming language such as C, C++, or Python.
* Good working knowledge of Linux-based systems, including command-line tools and system configuration.
* Demonstrated analytical and problem-solving capabilities, with a methodical and inquisitive approach to technical challenges.
* Eligible for or hold active eDV clearance.
Desirable Experience:
* Reverse engineering using tools such as IDA Pro, Ghidra, or Binary Ninja.
* Vulnerability research, including exploit development and mitigation bypass techniques.
* Embedded software development for platforms such as ARM Cortex, AVR, or MIPS.
* Experience with Radio Frequency (RF) systems, Software Defined Radios (SDRs), 2G/4G/5G, including tools like GNU Radio, Osmocom, srsRAN or USRP.
* Network engineering experience, either home lab or professional.
Next Steps:
* If interested, send your most recent to: so that we can speak in more detail.