Vulnerability Researcher - Software & Hardware in Gloucester

Vulnerability Researcher – Software & Hardware (Cyber Research | Hands-On Testing | Exploratory Engineering)

Location: Gloucester, UK – MUST be local or willing to commute

Salary: £60,000 base salary + Bonus + benefits + long-term technical progression

Full-time, permanent | 37 hours per week | Hybrid (3 days per week on site)

Location & Eligibility – Please Read Carefully

• This role is based in Gloucester and requires regular on-site work (3 days per week).
• Applicants must already be based locally or willing to commute reliably.
• Applicants must have valid UK work eligibility. Visa sponsorship is not available.

Security Clearance

Due to the nature of the work, candidates must be eligible for UK Security Check (SC) clearance. This typically requires British citizenship and continuous UK residency for the past 5 years.

Overview

We are recruiting a Vulnerability Researcher to join a specialist research team working across both software and hardware security in a secure engineering environment. This is a practical, exploratory research role. You will spend your time testing, breaking, probing, and experimenting with real systems, from embedded devices and firmware to software behaviour and protocols. This is not a compliance, audit, or checkbox-driven role. The focus is on curiosity-led investigation, rapid experimentation, and understanding how and why systems fail.

If you enjoy labs, tools, teardown benches, firmware dumps, half-working prototypes, and following technical rabbit holes until something interesting breaks, this is a genuinely fun role doing serious work.

Key Responsibilities

• Conduct hands-on vulnerability research across software and hardware systems
• Perform hardware teardowns, characterisation, and reverse engineering
• Extract and analyse data from flash memory technologies (NAND, eMMC, SPI)
• Explore side-channel and fault-injection techniques (timing, voltage glitching, power analysis)
• Write and modify software or scripts to support testing, analysis, and experimentation
• Build rapid hardware and software prototypes to explore new attack techniques or concepts
• Analyse firmware, system behaviour, and network protocols to identify security weaknesses
• Use lab equipment such as logic analysers and oscilloscopes during investigations
• Clearly document findings, methodologies, and outcomes for internal stakeholders

Required Experience

• Practical experience in security research, systems testing, embedded development, or low-level engineering
• Comfort working across both software and hardware
• Experience working with embedded devices or extracting data from flash storage
• Strong hands-on skills, including soldering, desoldering, and lab equipment usage
• Proficiency in at least one programming language (C, C++, or Python)
• Good working knowledge of Linux systems and command-line tools
• A genuinely inquisitive, experimental mindset, you enjoy testing, exploring, and breaking systems

Desirable Experience

• Reverse engineering using tools such as Ghidra, IDA Pro, or Binary Ninja
• Firmware analysis or exploit development
• Embedded software development (ARM Cortex, AVR, MIPS, etc.)
• Exposure to side-channel or fault-injection techniques (professional or hobbyist)
• RF, SDR, or mobile communications experience (2G / 4G / 5G)
• Network protocol analysis or home-lab experimentation

What’s On Offer

• £60,000 base salary
• Discretionary bonus scheme
• Excellent pension (up to 10.5% employer contribution)
• 37-hour working week with early finish Fridays
• 25 days holiday + public holidays (buy/sell options available)
• Flexible benefits including healthcare, dental, and cycle-to-work schemes
• A genuinely interesting, hands-on research environment
• Long-term technical growth working on real-world, high-impact systems