Lead Penetration Tester (Senior Cyber Analyst), Technical Vulnerability Management – Cyber Security Division in Leeds

Leeds | Full-Time | £72,320 - £81,360 / year (est.) | Home office (partial)
Bank of England

At a Glance

  • Tasks: Lead penetration testing to strengthen security across various systems and services.
  • Company: Join the Bank of England's Cyber Security Division in Leeds.
  • Benefits: Competitive salary, flexible working, comprehensive benefits package, and career growth opportunities.
  • Other info: Inclusive culture that values diversity and supports flexible working arrangements.
  • Why this job: Make a real impact on national security while developing your skills in a dynamic environment.
  • Qualifications: Strong hands-on penetration testing experience and technical leadership skills required.

The predicted salary is between £72,320 and £81,360 per year.

This is an opportunity to join the Bank of England’s Pentest Team as a Lead Penetration Tester and play a senior role in strengthening the Bank’s security. You’ll lead and deliver penetration testing across a broad range of systems and services, assess complex vulnerabilities, and support red and purple team activity. Working with colleagues across Cyber and Technology, you’ll help shape testing approaches, provide technical leadership, and drive effective remediation to reduce risk across the organisation.

Flexible Working Options

  • Flexible start and end time to each day
  • Flexibility to adapt your calendar as needed, for example around the school run, the gym, or appointments
  • A 50% in-office attendance requirement, which can be spread across the month to support different working patterns
  • Working from abroad policy (subject to approval and policy within the team)

Opportunities in Leeds

We’re excited to be growing our presence in Leeds, a city we’ve been connected to for nearly 200 years! Our modern, accessible office in the City Centre offers a supportive, flexible working environment. The majority of roles, including this one, are now available in Leeds, giving you the chance to build a meaningful career outside of London while contributing to our mission from a dynamic and growing location. You’ll work collaboratively with London-based colleagues in a hybrid model, with regular opportunities to travel into the London office to meet and connect together in person.

A day in the role:

No two days in this role are exactly the same. You might start the day aligning priorities with the team, then move into leading a penetration test, reviewing complex findings, or shaping the approach to a new assessment. You’ll work closely with colleagues across Cyber and Technology, providing technical oversight, engaging with stakeholders, and helping to ensure that vulnerabilities are clearly understood and effectively remediated. As a senior member of the team, you’ll also support the development of others, contribute to improving testing practices, and help drive high-quality delivery across a varied portfolio of systems and services. The role also offers flexibility in how you organise your day, with flexible start and finish times and hybrid working between the Leeds office and home.

Role Requirements:

You will bring strong hands-on penetration testing experience and the ability to lead complex assessments across areas such as infrastructure, cloud, and web applications. You should be comfortable working with a high degree of autonomy, applying sound technical judgement, and engaging confidently with stakeholders to explain risk and influence remediation. As a senior member of the team, you will also be expected to provide technical leadership, support the development of others, and contribute to the continued evolution of the Bank’s testing capability.

Minimum Criteria

To be successful in this role, you will need to demonstrate strong technical capability and credible hands-on experience across the core areas below.

  • Significant hands-on penetration testing experience, including leading or delivering complex assessments in medium to large enterprise environments
  • Equivalent work experience or two or more of the following certifications: OSCP, OSEP, OSWE, OSED, GXPN, GX-PT, CREST CTL (INF/APP), Cyber Scheme CSTL (INF/APP), CRTO, CRTP
  • Strong practical experience in enterprise infrastructure, cloud, or complex web application pentesting
  • Practical expertise using commercial and open-source offensive security tools
  • A strong understanding of common operating systems and their security considerations
  • A strong understanding of networking concepts, including IP addressing, TCP/IP and UDP
  • A strong understanding of enterprise infrastructure services and protocols
  • A strong understanding of security concepts and controls related to complex enterprise architecture and the ability to evaluate those controls for effectiveness and impact on operational risk
  • A solid understanding of cloud technologies and their security implications
  • Excellent written and verbal communication skills, including the ability to produce clear technical reporting and explain risk to a range of stakeholders
  • A high level of integrity, organisation, self-motivation, and a commitment to continuous improvement and high-quality delivery

Essential Criteria

The experience below would further strengthen your ability to succeed in this role and contribute at a senior level across the team.

  • Experience working in financial services or large government organisations
  • Practical experience in source code review
  • Strong scripting capability in Python, PowerShell, or Bash
  • A solid understanding of Governance, Risk and Compliance processes and how they support security decision-making
  • Experience in delivering threat modelling reports that provide a detailed understanding of risks to related systems
  • Red team operator experience

Desirable Criteria

Experience working in complex medium to large organisations.

How this role fits into the wider Bank

As part of the Cyber Division, you’ll join a penetration testing team that plays a key role in identifying vulnerabilities across the Bank’s technology and infrastructure, assessing complex risk, and driving effective remediation. Working closely with colleagues across Cyber, Technology, and the wider organisation, you’ll provide senior technical input, help shape testing approaches, and support the protection of the critical systems and information the Bank depends on.

Our Approach to Inclusion

The Bank values diversity, equity and inclusion. We play a key role in maintaining monetary and financial stability, and to do that effectively, we believe we need a workforce that reflects the society we serve. At the Bank of England, we want all colleagues to feel valued and respected, so we're working hard to build an inclusive culture which supports people from all backgrounds and communities to be at their best at work. We celebrate all forms of diversity, including (but not limited to) age, disability, ethnicity, gender, gender identity, race, religion, sexual orientation and socioeconomic status. We believe that it’s by drawing on different perspectives and experiences that we’ll continue to make the best decisions for the public. We welcome applications from individuals who work flexibly, including job shares and part time working patterns. We've also partnered with external organisations to support us in making adjustments for candidates and employees in the recruitment process where they're needed.

Salary and Benefits Information

We offer a salary as follows: Leeds circa £72,320 - £81,360. In addition, we also offer a comprehensive benefits package as detailed below:

  • Currently a non-contributory, career average pension giving you a guaranteed retirement benefit of 1/80th of your annual salary for every year worked. There is the option to increase your pension (to 1/65th) or decrease (to 1/105th) in exchange for salary through our flexible benefits programme each year.
  • A discretionary performance award based on a current award pool.
  • An 8% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.
  • 26 days’ annual leave with option to buy up to 12 additional days through flexible benefits.
  • Private medical insurance and income protection.

National Security Vetting Process

Employment in this role will be subject to the National Security Vetting clearance process (which can typically take between 6 and 12 weeks post offer) and the passing of additional Bank security checks in accordance with Bank policy.

The Application Process

Important: Please ensure that you complete the ‘work history’ section and answer ALL the application questions fully. All candidate applications are anonymised to ensure that our hiring managers will not be able to see your personal information, including your CV, when reviewing your application details at the screening stage. It’s therefore really important that you fill out the work history and application form questions, as your answers will form a critical part of the initial selection process. This role closes on 17 June 2026. The assessment process will comprise three interview stages. Please apply online, ensuring that you complete your work history and answer ALL the application questions fully and in detail, as your application will not be considered if all mandatory questions are not fully completed.

Lead Penetration Tester (Senior Cyber Analyst), Technical Vulnerability Management – Cyber Security Division in Leeds employer: Bank of England

The Bank of England is an exceptional employer, offering a dynamic and inclusive work environment in Leeds, where you can thrive as a Lead Penetration Tester. With flexible working options, a commitment to employee development, and a comprehensive benefits package, including a generous pension scheme and private medical insurance, you will have the opportunity to grow your career while contributing to the security of the nation's financial systems. Join a team that values diversity and fosters collaboration, allowing you to make a meaningful impact in a supportive atmosphere.

Bank of England

Contact Details:

Bank of England Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Lead Penetration Tester (Senior Cyber Analyst), Technical Vulnerability Management – Cyber Security Division in Leeds

Tip Number 1

Network like a pro! Reach out to your connections in the cyber security field, especially those who work at the Bank of England or similar organisations. A friendly chat can sometimes lead to insider info about job openings or even a referral.

Tip Number 2

Prepare for the interview by brushing up on your technical skills and understanding the latest trends in penetration testing. We want you to showcase your expertise confidently, so practice explaining complex concepts in simple terms.

Tip Number 3

Don’t forget to highlight your leadership experience! As a Lead Penetration Tester, you’ll need to demonstrate how you’ve guided teams in the past. Share specific examples of how you’ve influenced remediation efforts and improved testing practices.

Tip Number 4

Apply through our website! It’s the best way to ensure your application gets the attention it deserves. Plus, you’ll find all the latest roles available, including other opportunities if this one isn’t the right fit for you.

We think you need these skills to ace Lead Penetration Tester (Senior Cyber Analyst), Technical Vulnerability Management – Cyber Security Division in Leeds

Penetration Testing
Technical Leadership
Vulnerability Assessment
Red Teaming
Cloud Security
Web Application Security
Infrastructure Security

Some tips for your application 🫡

Be Thorough in Your Work History: When filling out your work history, make sure to include all relevant experience. We want to see how your background aligns with the Lead Penetration Tester role, so don’t hold back on showcasing your skills!

Answer All Application Questions: It’s super important to answer every application question fully. Remember, we can’t consider your application if any mandatory questions are left blank, so take your time and provide detailed responses.

Showcase Your Technical Skills: Highlight your hands-on penetration testing experience and any relevant certifications. We’re looking for strong technical capability, so make sure to demonstrate how you meet the criteria outlined in the job description.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets the attention it deserves, and you’ll find all the details you need right there!

How to prepare for a job interview at Bank of England

Know Your Stuff

Make sure you brush up on your penetration testing skills and the specific tools mentioned in the job description. Be ready to discuss your hands-on experience with complex assessments, especially in enterprise environments. This is your chance to showcase your technical expertise!

Prepare for Scenario Questions

Expect scenario-based questions that assess your problem-solving skills and technical judgement. Think about past experiences where you led a penetration test or dealt with complex vulnerabilities. Prepare to explain your thought process and how you influenced remediation.

Showcase Your Leadership Skills

As this is a senior role, they’ll be looking for someone who can provide technical leadership. Be prepared to discuss how you've supported the development of others in your team and contributed to improving testing practices. Highlight any mentoring or training experiences you've had.

Engage with Stakeholders

Communication is key! Be ready to demonstrate how you’ve effectively engaged with stakeholders in the past. Practice explaining technical risks in a way that non-technical people can understand. This will show that you can bridge the gap between technical and non-technical teams.