Junior Penetration Tester (Cyber Analyst), Threat & Vulnerability Management – Cyber Security Division in Leeds

This is an opportunity to join the Bank of England’s Pentest Team as a Junior Penetration Tester and build your career in offensive security. You’ll gain hands-on experience in penetration testing, vulnerability assessment, and support for red and purple team activity, working alongside experienced colleagues to help strengthen the Bank’s security across a wide range of systems and services. You will also have access to training to help with your technical and personal development goals.

Flexible Working Options

• Flexible start and end time to each day
• Flexibility to adapt your calendar as needed, for example around the school run, the gym, or appointments
• A 50% in-office attendance requirement, which can be spread across the month to support different working patterns
• Working from abroad policy (subject to approval and policy within the team)

A day in the role:

No two days in this role are exactly the same. You might start the day with a team catch-up, then spend time supporting a penetration test, researching a new technique, or helping to review findings and draft clear reports. Along the way, you’ll work with experienced teammates who will support your development and help you build confidence across different technologies and testing approaches. The role also offers flexibility in how you organise your day, with flexible start and finish times and hybrid working between the Leeds office and home.

Role Requirements:

You may already have some hands-on penetration testing experience, or you may be looking to deepen your skills in areas such as infrastructure, cloud, or web application testing. If you enjoy problem-solving, are keen to keep learning, and are excited by the opportunity to grow in a supportive team, we’d be keen to hear from you.

Minimum Criteria

• Hands-on penetration testing experience, ideally around two years or more
• A recognised penetration testing certification, or clear progress towards one, such as: OSCP, OSWA, GPEN, GWAPT, GCPN, CREST (CRT or CCT INF/APP), CSTM or CPTS
• Some practical experience in infrastructure, cloud, or web application pentesting
• Experience using standard offensive security tools
• A good understanding of common operating systems
• A basic understanding of networking concepts, including IP addressing, TCP/IP, and UDP
• An understanding of enterprise infrastructure technologies
• An understanding of cloud technologies
• Clear written and verbal communication skills, including the ability to contribute to technical reporting

Essential Criteria

• Some experience or growing capability in cloud security pentesting
• Scripting skills, or a willingness to build them, in Python, PowerShell, or Bash
• Some exposure to Governance, Risk and Compliance processes, or an interest in learning how they support security work
• A high level of integrity, organisation, self-motivation, and a genuine commitment to learning and continuous improvement

How this role fits into the wider Bank

As part of the Cyber Division, you’ll join a penetration testing team where you can build your skills through hands-on work identifying vulnerabilities, assessing risk, and supporting remediation across the Bank’s technology and infrastructure. Working closely with colleagues across Technology and the wider organisation, you’ll learn from experienced teammates while helping to protect the critical systems and information the Bank depends on. This gives you the opportunity to make a meaningful contribution from the start.

Our Approach to Inclusion

The Bank values diversity, equity and inclusion. We play a key role in maintaining monetary and financial stability, and to do that effectively, we believe we need a workforce that reflects the society we serve. At the Bank of England, we want all colleagues to feel valued and respected, so we're working hard to build an inclusive culture which supports people from all backgrounds and communities to be at their best at work. We celebrate all forms of diversity, including (but not limited to) age, disability, ethnicity, gender, gender identity, race, religion, sexual orientation and socioeconomic status. We believe that it’s by drawing on different perspectives and experiences that we’ll continue to make the best decisions for the public.

We welcome applications from individuals who work flexibly, including job shares and part time working patterns. We've also partnered with external organisations to support us in making adjustments for candidates and employees in the recruitment process where they're needed.

For most roles where work can be carried out at home, we aim for colleagues to spend half of their time in the office, with a minimum of 40% per month. Subject to that minimum requirement, individuals and managers should work together to find what works best for them, their team and stakeholders.

Finally, we're proud to be a member of the Disability Confident Scheme. If you wish to apply under this scheme, you should check the box in the ‘Candidate Personal Information’ under the ‘Disability Confident Scheme’ section of the application.

Salary and Benefits Information

We encourage flexible working, part time working and job share arrangements. Part time salary and benefits will be on a pro-rated basis as appropriate. The salary range in Leeds is £40,320 to £45,360.

In addition, we also offer a comprehensive benefits package as detailed below:

• Currently a non-contributory, career average pension giving you a guaranteed retirement benefit of 1/80th of your annual salary for every year worked. There is the option to increase your pension (to 1/65th) or decrease (to 1/105th) in exchange for salary through our flexible benefits programme each year. The Bank has the discretion to vary standard accrual rates and dial up and dial down rates at any time and to withdraw dial up and dial down options at any time.
• A discretionary performance award based on a current award pool.
• An 8% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.
• 26 days’ annual leave with option to buy up to 12 additional days through flexible benefits.
• Private medical insurance and income protection.

National Security Vetting Process

Employment in this role will be subject to the National Security Vetting clearance process (and typically can take between 6 to 12 weeks post offer) and the passing of additional Bank security checks in accordance with the Bank policy. Further information regarding the vetting and security clearance requirements for the role will be provided to the successful applicant, and information about how the Bank processes personal data for these purposes, is set out in the Bank's Privacy Notice.

The Bank of England welcomes applications from all candidates, but as a UK Visas and Immigration (UKVI) approved sponsor, we have a responsibility to comply with the Immigration Rules and guidance. As such, our ability to employ individuals who require sponsorship for immigration purposes is limited. The Bank cannot guarantee that you and / or the role you are applying for will be eligible for sponsorship and that any application made to UKVI will be successful. Eligibility will therefore be considered on a case by case basis.

The Application Process

Important: Please ensure that you complete the ‘work history’ section and answer ALL the application questions fully. All candidate applications are anonymised to ensure that our hiring managers will not be able to see your personal information, including your CV, when reviewing your application details at the screening stage. It’s therefore really important that you fill out the work history and application form questions, as your answers will form a critical part of the initial selection process.

The assessment process will comprise of two interview stages. This role closes on 17th June. Please apply online, ensuring that you complete your work history and answer ALL the application questions fully and in detail as your application will not be considered if all mandatory questions are not fully completed.