Principle Research Lead

At GCHQ, diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word: those with different backgrounds, ethnicities, gender identities, sexual orientations, ways of thinking and those with disabilities or neurodiverse conditions. We therefore welcome and encourage applications from everyone, including those from groups that are under-represented in our workforce.


Short Summary of role

The NCSC Vulnerability Research Team is tasked with finding vulnerabilities in some of the world’s most complex software. Based in Cheltenham, we invest in training, development and infrastructure to give our researchers the time, space and expertise to find critical security vulnerabilities in widely deployed software used by UK government, industry and citizens.

We also work with the best external vulnerability researchers to deliver deep understanding of security on a wide range of the technologies that NCSC cares about.

We build knowledge and tools for vulnerability discovery that are world-class.

As Principal Research Lead you will be responsible for discovering, triaging and mitigating important vulnerabilities in a range of technologies. You will be leading delivery with external vulnerability researchers as well as delivering personal research within one of the team’s research drives.

What will the successful candidate be doing?

As Principal Research Lead you will be responsible for discovering, triaging, and mitigating important vulnerabilities in a range of technologies. You will be leading delivery with external vulnerability researchers, setting direction, collaborating closely where needed and ensuring the results are used for the benefit of the UK. You will also be delivering personal research within one of the team’s research drives, allowing you to develop the breadth and depth of your own technical expertise.
Working as part of the Vulnerability Research Team the successful candidate will be responsible for

• Delivery of vulnerability research tasks carried out by industry partners for a specific technology area
• Working with technical leaders in other teams to ensure a successful research focus
• Coordination with the UK Equities Process
• Delivery of personal vulnerability research working with industry experts or in one of the VR Team’s drives on critical software including mobile, desktop and embedded devices. This will account for 50% of the role.

This post carries the opportunity to develop your own VR skills and deliver VR with others. Previous experience of carrying out VR is highly desirable but more important is a desire to learn and deliver critical results for the benefit of the UK.

We are looking for a talented, flexible and committed individual who is passionate about technological research with a proven ability to deliver with others.

The successful applicant will need to have: proven ability to deliver novel vulnerability research; a strong track record of leading technical delivery; a desire for developing their own (and others’) technical expertise.

Competency Requirements

• Communication and Knowledge sharing – Intermediate
• Corporate Vision and Efficiency – Intermediate
• Change and Innovation – Intermediate
• Analysis and Decision Making – Higher
• Contribution to Delivery – Higher
• Managing the Customer Relationship – Higher
• Working with and Leading Others – Higher

You can familiarise yourself with the general competencies we use to assess the aptitude of candidates here – Recruitment Process

If you’re excited about working with us and think you have some of what we’re looking for but aren’t sure if you’re 100% there yet… Back yourself and give it a go!

Eligibility Criteria

To be eligible to apply, you must be a British Citizen. One of your parents must be a British Citizen or must have one of the nationalities or citizenships from one of the following: British Overseas Territory, British Subject, British National (Overseas), British Overseas Citizen, British Protected Person, citizenship of a country in the Commonwealth, citizenship of a country in the European Economic Area (EEA), or citizenship of the United States of America (USA). If deceased, they should have had such citizenship or nationality before death. If you hold dual nationality, of which one component is British, you will nonetheless be considered. If successful, you will not normally be required to give up your non-British citizenship but, as a condition of your employment or secondment, MI5, SIS and GCHQ may impose restrictions on your postings, work travel and/or general use of that nationality. Candidates must normally have been resident in the UK for seven out of the last ten years. This is particularly important if you were born outside the UK. Each case will be carefully considered on its own facts. You can apply at the age of 17 years and 6 months, if successful you will not be offered a start date prior to your 18th birthday. Discretion is vital. You should not discuss your application, other than with your partner or a close family member. Please note, you should only launch your application from within the UK. If you are based overseas, you should wait until you visit the UK to launch an application. Applying from outside of the UK will impact on our ability to progress your application. Further information on our eligibility criteria can be found on the Applying section.

Apply Now Back to listings