Domain Abuse Operational Analyst

Location: Hybrid, with a minimum of 20% in the Oxford office per month

About Us

We’re Nominet – a world‑leading domain name registry operating at the heart of the UK internet. While we're best known for running .UK domains, our DNS expertise also underpins critical internet infrastructure that government services, including the NHS, rely on. As a public benefit company, our work has a positive impact on society. We’ve donated millions to projects that use technology to improve people’s lives and have committed to delivering £60m worth of support over the next three years.

The Role

The Domain Abuse Operational Analyst plays a vital role in Nominet’s mission to make .UK the safest country code top‑level domain (ccTLD) in the world. This role is focused on the day‑to‑day operational management of domain abuse reports, supporting investigations, and helping to ensure timely and effective mitigation of malicious activity. As a key member of the Domain Abuse team, you will be responsible for triaging abuse reports, conducting investigations, and supporting the continuous improvement of detection and response processes. Your work will directly contribute to the health and integrity of the .UK registry and help protect users from online harm. This is an ideal opportunity for someone with a strong interest in cyber threat operations and a desire to build hands‑on experience and develop their skills further.

What You’ll Be Doing

• Investigating domain abuse reports using internal tools and open‑source intelligence (OSINT), escalating complex cases when needed
• Supporting operational workflows and identifying ways to improve our tools, processes and automation
• Assisting in the development and refinement of detection rules and identifying patterns in malicious activity
• Liaising with registrars and other external stakeholders to help resolve abuse cases
• Collaborating with internal teams (Security, Policy, Legal etc.) to support a coordinated abuse strategy
• Maintaining accurate records and contributing to reporting, knowledge sharing and continuous improvement

About You

• Working knowledge of common cyber threats (phishing, malware distribution, domain hijacking, and fraud)
• Experience with ticketing and documentation systems to correctly record evidence, actions, and decisions.
• Curious and analytical mindset with a strong interest in cyber threats and online safety
• Understanding of using tools like WHOIS/RDAP and open‑source intelligence platforms
• Strong communicator with the ability to summarise investigations clearly and accurately
• Comfortable following standard operating procedures and suggesting improvements

Nice to have

• Awareness of cyber threat intelligence (CTI) and its application in operational environments
• Initial understanding and appreciation of regulatory considerations affecting domain abuse (for example, GDPR) and legal requirements around online safety
• Understanding of DNS and domain infrastructure, and experience with relevant tools such as WHOIS/RDAP, passive DNS, among others.
• Basic scripting or data analysis skills to support investigation or automation
• Experience working with registrars, ISPs, or within DNS environments

What We Offer

• Hybrid & Flexible Working
• Early Finish Friday – Working week of 34 hours with full‑time pay. (Finish at midday on Friday)
• 30 days of annual leave plus bank holidays, with the ability to purchase an additional 5 days.
• Private Medical Insurance + Employee Assistance Programme
• Pension Scheme (Matched to 7%)
• Annual Bonus Scheme
• Family Leave (Enhanced)
• Electric vehicle scheme with on‑site charging points
• Rewards platform with access to discounts at hundreds of shops, restaurants etc.
• Flexible Benefits

Diversity Statement

We're passionate about creating a workplace where every individual is valued, respected, and empowered. Somewhere we can benefit from all forms of diversity and discover the true value in our differences. If there are any adjustments we could make to the recruitment and selection process to support you, please let us know.

Security Statement

Nominet is committed to the safeguarding and welfare of the internet and expects all employees and volunteers to share this commitment by participating in the relevant security and screening processes. All roles working for Nominet will be subject to a Baseline Personnel Security Standard (BPSS) check. Some roles due to the nature of their work, will require additional security clearance.