At a Glance
- Tasks: Lead cutting-edge vulnerability research and exploit development in cybersecurity.
- Company: Join a global authority in security research with a collaborative culture.
- Benefits: Flexible working, generous holiday allowance, and health benefits.
- Other info: Mentorship opportunities and participation in industry competitions like Pwn2Own.
- Why this job: Make a real impact in cybersecurity and advance your skills in a dynamic environment.
- Qualifications: Strong knowledge of vulnerability research and experience with various platforms.
The predicted salary is between 70000 - 90000 £ per year.
A Lead Security Researcher within the Exploit Development Group (EDG) is responsible for conducting high-impact vulnerability research and exploit development that advances the state of the art in cybersecurity. The role contributes directly to NCC Group’s reputation as a global authority in security research by delivering original research with deep technical expertise and representing the organisation externally through publications, presentations, and industry engagement. Through both long-term strategic research and short-notice tactical support, this role helps protect clients, strengthen NCC Group services and shape the wider security community.
Key Responsibilities
- Conduct vulnerability research and exploit development across a range of platforms, architectures, and technologies.
- Deliver high-quality vulnerabilities and reliable exploits as part of strategic research programmes.
- Provide short-notice tactical support to consulting, professional, and managed services teams in areas such as reverse engineering and exploit development.
- Advance exploit development techniques and contribute to world-leading security research.
- Participate in vulnerability research and exploit development competitions, such as Pwn2Own.
- Publish research findings and support their internal and external promotion through articles, whitepapers, presentations, and conference talks.
- Act as a subject matter expert within NCC Group, mentoring and supporting colleagues who are developing skills in vulnerability research and exploitation.
- Collaborate effectively with multi-disciplinary teams to deliver research and client outcomes to the highest possible standard.
Skills, Knowledge and Expertise
- Strong knowledge of vulnerability research and exploitation techniques.
- Experience with major CPU architectures and operating systems or platforms.
- Ability to reverse engineer software written in both unmanaged and managed languages.
- Understanding of common programming languages, vulnerability classes and exploitation methods.
- Knowledge of modern exploitation mitigations and approaches for bypassing them.
- Ability to research and exploit unfamiliar instruction sets, programming languages and platforms.
- Clear written communication skills for documenting and presenting complex technical findings.
Benefits
- Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
Lead Security Researcher — Flexible Exploit & Vulnerability Lead employer: NCC Group
NCC Group is an exceptional employer for those passionate about cybersecurity, offering a dynamic work environment in Cheltenham where innovation thrives. With a strong emphasis on employee growth, you will have the opportunity to engage in high-impact research, collaborate with multi-disciplinary teams, and represent the company at industry events. The flexible working options and generous holiday allowance further enhance the work-life balance, making it a rewarding place to advance your career in security research.
