Bank of England

Lead Penetration Tester in Technical Vulnerability Management

Bank of England  •  £72k - £81k/yr  •  Leeds, GB (Remote)  •  7 hours ago

Job Description

Lead Penetration Tester (Lead Cyber Analyst), Technical Vulnerability Management – Cyber Security Division

Permanent

Full time

Location: Leeds


We currently have a number of Penetration Tester opportunities across our Cyber team - if this role isn’t the right fit, we encourage you to explore what else is available:

This is an opportunity to join the Bank of England’s Pentest Team as a Lead Penetration Tester and play a senior role in strengthening the Bank’s security. You’ll lead and deliver penetration testing across a broad range of systems and services, assess complex vulnerabilities, and support red and purple team activity. Working with colleagues across Cyber and Technology, you’ll help shape testing approaches, provide technical leadership, and drive effective remediation to reduce risk across the organisation.


Flexible Working Options

This role is open to flexible working patterns as follows:

  • Flexible start and end time to each day
  • Flexibility to adapt your calendar as needed, for example around the school run, the gym, or appointments
  • A 50% in-office attendance requirement, which can be spread across the month to support different working patterns
  • Working from abroad policy (subject to approval and policy within the team)

Opportunities in Leeds

We’re excited to be growing our presence in Leeds, a city we’ve been connected to for nearly 200 years! Our modern, accessible office in the City Centre offers a supportive, flexible working environment. The majority of roles, including this one, are now available in Leeds, giving you the chance to build a meaningful career outside of London while contributing to our mission from a dynamic and growing location. You’ll work collaboratively with London-based colleagues in a hybrid model, with regular opportunities to travel into the London office to meet and connect together in person.

Want to learn more? Discover what makes our Leeds office such a dynamic place to work by visiting our Leeds page for more details.

A day in the role:

No two days in this role are exactly the same. You might start the day aligning priorities with the team, then move into leading a penetration test, reviewing complex findings, or shaping the approach to a new assessment. You’ll work closely with colleagues across Cyber and Technology, providing technical oversight, engaging with stakeholders, and helping to ensure that vulnerabilities are clearly understood and effectively remediated. As a senior member of the team, you’ll also support the development of others, contribute to improving testing practices, and help drive high-quality delivery across a varied portfolio of systems and services. The role also offers flexibility in how you organise your day, with flexible start and finish times and hybrid working between the Leeds office and home.

Role Requirements:

You will bring strong hands-on penetration testing experience and the ability to lead complex assessments across areas such as infrastructure, cloud, and web applications. You should be comfortable working with a high degree of autonomy, applying sound technical judgement, and engaging confidently with stakeholders to explain risk and influence remediation. As a senior member of the team, you will also be expected to provide technical leadership, support the development of others, and contribute to the continued evolution of the Bank’s testing capability.

Minimum Criteria

To be successful in this role, you will need to demonstrate strong technical capability and credible hands-on experience across the core areas below.

  • Significant hands-on penetration testing experience, including leading or delivering complex assessments in medium to large enterprise environments
  • Equivalent work experience or two or more of the following certifications: OSCP, OSEP, OSWE, OSED, GXPN, GX-PT, CREST CTL (INF/APP), Cyber Scheme CSTL (INF/APP), CRTO, CRTP
  • Strong practical experience in enterprise infrastructure, cloud, or complex web application pentesting
  • Practical expertise using commercial and open-source offensive security tools
  • A strong understanding of common operating systems and their security considerations
  • A strong understanding of networking concepts, including IP addressing, TCP/IP and UDP
  • A strong understanding of enterprise infrastructure services and protocols
  • A strong understanding of security concepts and controls related to complex enterprise architecture and the ability to evaluate those controls for effectiveness and impact on operational risk
  • A solid understanding of cloud technologies and their security implications
  • Excellent written and verbal communication skills, including the ability to produce clear technical reporting and explain risk to a range of stakeholders
  • A high level of integrity, organisation, self-motivation, and a commitment to continuous improvement and high-quality delivery

Essential Criteria

The experience below would further strengthen your ability to succeed in this role and contribute at a senior level across the team.

  • Experience working in financial services or large government organisations
  • Practical experience in source code review
  • Strong scripting capability in Python, PowerShell, or Bash
  • A solid understanding of Governance, Risk and Compliance processes and how they support security decision-making
  • Experience in delivering threat modelling reports that provide a detailed understanding of risks to related systems
  • Red team operator experience

Desirable Criteria

  • Experience working in complex medium to large organisations

How this role fits into the wider Bank

As part of the Cyber Division, you’ll join a penetration testing team that plays a key role in identifying vulnerabilities across the Bank’s technology and infrastructure, assessing complex risk, and driving effective remediation.

Working closely with colleagues across Cyber, Technology, and the wider organisation, you’ll provide senior technical input, help shape testing approaches, and support the protection of the critical systems and information the Bank depends on.

Our Approach to Inclusion

The Bank values diversity, equity and inclusion. We play a key role in maintaining monetary and financial stability, and to do that effectively, we believe we need a workforce that reflects the society we serve.

At the Bank of England, we want all colleagues to feel valued and respected, so we're working hard to build an inclusive culture which supports people from all backgrounds and communities to be at their best at work. We celebrate all forms of diversity, including (but not limited to) age, disability, ethnicity, gender, gender identity, race, religion, sexual orientation and socioeconomic status. We believe that it’s by drawing on different perspectives and experiences that we’ll continue to make the best decisions for the public.

We welcome applications from individuals who work flexibly, including job shares and part time working patterns. We've also partnered with external organisations to support us in making adjustments for candidates and employees in the recruitment process where they're needed.

For most roles where work can be carried out at home, we aim for colleagues to spend half of their time in the office, with a minimum of 50% per month. Subject to that minimum requirement, individuals and managers should work together to find what works best for them, their team and stakeholders.

Finally, we're proud to be a member of the Disability Confident Scheme. If you wish to apply under this scheme, you should check the box in the ‘Candidate Personal Information’ under the ‘Disability Confident Scheme’ section of the application.

Salary and Benefits Information

We offer a salary as follows:

  • Leeds circa £72,320 - £81,360

In addition, we also offer a comprehensive benefits package as detailed below:

  • Currently a non-contributory, career average pension giving you a guaranteed retirement benefit of 1/80th of your annual salary for every year worked. There is the option to increase your pension (to 1/65th) or decrease (to 1/105th) in exchange for salary through our flexible benefits programme each year. The Bank has the discretion to vary standard accrual rates and dial up and dial down rates at any time and to withdraw dial up and dial down options at any time.
  • A discretionary performance award based on a current award pool.
  • An 8% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.
  • 26 days’ annual leave with the option to buy up to 12 additional days through flexible benefits.
  • Private medical insurance and income protection.

National Security Vetting Process

Employment in this role will be subject to the National Security Vetting clearance process (which can typically take between 6 and 12 weeks post offer) and the passing of additional Bank security checks in accordance with Bank policy. Further information regarding the vetting and security clearance requirements for the role will be provided to the successful applicant, and information about how the Bank processes personal data for these purposes is set out in the Bank's Privacy Notice.

The Bank of England welcomes applications from all candidates, but as a UK Visas and Immigration (UKVI) approved sponsor, we have a responsibility to comply with the Immigration Rules and guidance. As such, our ability to employ individuals who require sponsorship for immigration purposes is limited. The Bank cannot guarantee that you and / or the role you are applying for will be eligible for sponsorship and that any application made to UKVI will be successful. Eligibility will therefore be considered on a case-by-case basis.

The Application Process

Important: Please ensure that you complete the ‘work history’ section and answer ALL the application questions fully. All candidate applications are anonymised to ensure that our hiring managers will not be able to see your personal information, including your CV, when reviewing your application details at the screening stage. It’s therefore really important that you fill out the work history and application form questions, as your answers will form a critical part of the initial selection process.

This role closes on 17 June 2026.

The assessment process will comprise three interview stages.

Please apply online, ensuring that you complete your work history and answer ALL the application questions fully and in detail as your application will not be considered if all mandatory questions are not fully completed.

About Bank of England

The Bank of England is the central bank of the United Kingdom. Sometimes known as the “Old Lady” of Threadneedle Street

The Bank was founded in 1694 with a founding charter that stated its purpose was to “promote the public good and benefit of our people”.

Our purpose today reflects that vision first articulated by our founders. Our mission: to promote the good of the people of the United Kingdom by maintaining monetary and financial stability.

Industry: Finance & Insurance

Company Size: 5,001-10,000 employees

Headquarters: London, GB

Year Founded: 1694