Lead Penetration Tester in Technical Vulnerability Management
Job description
This is an opportunity to join the Bank of England's Pentest Team as a Lead Penetration Tester and play a senior role in strengthening the Bank's security. You'll lead and deliver penetration testing across a broad range of systems and services, assess complex vulnerabilities, and support red and purple team activity. Working with colleagues across Cyber and Technology, you'll help shape testing approaches, provide technical leadership, and drive effective remediation to reduce risk across the organisation.
Flexible Working Options
This role is open to flexible working patterns as follows:
- Flexible start and end time to each day
- Flexibility to adapt your calendar as needed, for example around the school run, the gym, or appointments
- A 50% in-office attendance requirement, which can be spread across the month to support different working patterns
- Working from abroad policy (subject to approval and policy within the team)
No two days in this role are exactly the same. You might start the day aligning priorities with the team, then move into leading a penetration test, reviewing complex findings, or shaping the approach to a new assessment. You'll work closely with colleagues across Cyber and Technology, providing technical oversight, engaging with stakeholders, and helping to ensure that vulnerabilities are clearly understood and effectively remediated. As a senior member of the team, you'll also support the development of others, contribute to improving testing practices, and help drive high-quality delivery across a varied portfolio of systems and services. The role also offers flexibility in how you organise your day, with flexible start and finish times and hybrid working between the Leeds office and home.
As part of the Cyber Division, you'll join a penetration testing team that plays a key role in identifying vulnerabilities across the Bank's technology and infrastructure, assessing complex risk, and driving effective remediation. Working closely with colleagues across Cyber, Technology, and the wider organisation, you'll provide senior technical input, help shape testing approaches, and support the protection of the critical systems and information the Bank depends on.
Our Approach to Inclusion
The Bank values diversity, equity and inclusion. We play a key role in maintaining monetary and financial stability, and to do that effectively, we believe we need a workforce that reflects the society we serve. At the Bank of England, we want all colleagues to feel valued and respected, so we're working hard to build an inclusive culture which supports people from all backgrounds and communities to be at their best at work. We celebrate all forms of diversity, including (but not limited to) age, disability, ethnicity, gender, gender identity, race, religion, sexual orientation and socioeconomic status.
We believe that it's by drawing on different perspectives and experiences that we'll continue to make the best decisions for the public. We welcome applications from individuals who work flexibly, including job shares and part time working patterns. We've also partnered with external organisations to support us in making adjustments for candidates and employees in the recruitment process where they're needed.
For most roles where work can be carried out at home, we aim for colleagues to spend half of their time in the office, with a minimum of 50% per month. Subject to that minimum requirement, individuals and managers should work together to find what works best for them, their team and stakeholders.
Finally, we're proud to be a member of the Disability Confident Scheme. If you wish to apply under this scheme, you should check the box in the 'Candidate Personal Information' under the 'Disability Confident Scheme' section of the application.
Salary and Benefits Information
We offer a salary as follows,
Please apply online, ensuring that you complete your work history and answer ALL the application questions fully and in detail as your application will not be considered if all mandatory questions are not fully completed.
Requirements
You will bring strong hands-on penetration testing experience and the ability to lead complex assessments across areas such as infrastructure, cloud, and web applications. You should be comfortable working with a high degree of autonomy, applying sound technical judgement, and engaging confidently with stakeholders to explain risk and influence remediation. As a senior member of the team, you will also be expected to provide technical leadership, support the development of others, and contribute to the continued evolution of the Bank's testing capability.
To be successful in this role, you will need to demonstrate strong technical capability and credible hands-on experience across the core areas below.
- Significant hands-on penetration testing experience, including leading or delivering complex assessments in medium to large enterprise environments
- Equivalent work experience or two or more of the following certifications: OSCP, OSEP, OSWE, OSED, GXPN, GX-PT, CREST CTL (INF/APP), Cyber Scheme CSTL (INF/APP), CRTO, CRTP
- Strong practical experience in enterprise infrastructure, cloud, or complex web application pentesting
- Practical expertise using commercial and open-source offensive security tools
- A strong understanding of common operating systems and their security considerations
- A strong understanding of networking concepts, including IP addressing, TCP/IP and UDP
- A strong understanding of enterprise infrastructure services and protocols
- A strong understanding of security concepts and controls related to complex enterprise architecture and the ability to evaluate those controls for effectiveness and impact on operational risk
- A solid understanding of cloud technologies and their security implications
- Excellent written and verbal communication skills, including the ability to produce clear technical reporting and explain risk to a range of stakeholders
- A high level of integrity, organisation, self-motivation, and a commitment to continuous improvement and high-quality delivery
The experience below would further strengthen your ability to succeed in this role and contribute at a senior level across the team.
- Experience working in financial services or large government organisations
- Practical experience in source code review
- Strong scripting capability in Python, PowerShell, or Bash
- A solid understanding of Governance, Risk and Compliance processes and how they support security decision-making
- Experience in delivering threat modelling reports that provide a detailed understanding of risks to related systems
- Red team operator experience
- Experience working in complex medium to large organisations
Benefits & conditions
- Leeds circa £72,320 - £81,360
In addition, we also offer a comprehensive benefits package as detailed below:
- Currently a non-contributory, career average pension giving you a guaranteed retirement benefit of 1/80th of your annual salary for every year worked. There is the option to increase your pension (to 1/65th) or decrease (to 1/105th) in exchange for salary through our flexible benefits programme each year. The Bank has the discretion to vary standard accrual rates and dial up and dial down rates at any time and to withdraw dial up and dial down options at any time.
- A discretionary performance award based on a current award pool.
- An 8% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.
- 26 days' annual leave with option to buy up to 12 additional days through flexible benefits.
- Private medical insurance and income protection.