Engineering

Vulnerability Researcher

  • Location

    Bristol

  • Sector:

    Defence

  • Job type:

    Permanent

  • Salary:

    Negotiable

  • Contact:

    Rami James

  • Contact email:

    r.james@ioassociates.co.uk

  • Job ref:

    BBBH168649_1760359772

  • Startdate:

    ASAP

Vulnerability Researcher

Job Title: Vulnerability Researcher

Location: United Kingdom

Employment: Full-Time

Start Date: ASAP

Clearance: DV/eDV

Job Summary:

Our Defence Cyber Research Group (CRG) is seeking a technically proficient and analytically minded Vulnerability Researcher with experience in hardware analysis to support advanced research and development activities.

As Vulnerability Researcher, you will conduct in-depth technical investigations, developing prototypes, and contributing to the discovery and analysis of emerging threats and vulnerabilities.

You must be eligible for or already hold eDV clearance.

Key Responsibilities:

  • Hardware teardowns, characterisations and reverse engineering.
  • Extract and recover data from flash memory including NAND, eMMC and SPI.
  • Conduct side channel attacks such as timing attacks, voltage glitching and power analysis.
  • Design and implement hardware/software rapid prototypes to explore novel cyber capabilities and concepts.
  • Analyse network protocols and system behaviours to identify potential security weaknesses.
  • Collaborate with multidisciplinary teams to deliver technical solutions and research outcomes.
  • Document findings and methodologies in a clear and structured manner for internal and external stakeholders.

Essential Skills and Experience:

  • Hardware development and prototyping, including PCB design and microcontroller programming.
  • Experience extracting data from flash storage ICs.
  • Familiarity with logic analysers and oscilloscopes.
  • Advanced soldering and desoldering experience.
  • Basic understanding of side channel attack techniques. (experience not required)
  • Proficiency in at least one programming language such as C, C++, or Python.
  • Good working knowledge of Linux-based systems, including command-line tools and system configuration.
  • Demonstrated analytical and problem-solving capabilities, with a methodical and inquisitive approach to technical challenges.
  • Eligible for or hold active eDV clearance

Desirable Experience:

  • Reverse engineering using tools such as IDA Pro, Ghidra, or Binary Ninja.
  • Vulnerability research, including exploit development and mitigation bypass techniques.
  • Embedded software development for platforms such as ARM Cortex, AVR, or MIPS.
  • Experience with Radio Frequency (RF) systems, Software Defined Radios (SDRs), 2G/4G/5G, including tools like GNU Radio, Osmocom, srsRAN or USRP.
  • Network engineering experience either home lab or professional.

Next Steps:

  • If interested, send your most recent to: so that we can speak in more detail.