Job Description Provide expert offensive cyber capabilities by leading and supporting the planning, execution and analysis of advanced penetration testing, red/purple team, vulnerability assessment and adversary simulation engagements. The objective is to uncover and proactively mitigate exploitable security weaknesses across IT, OT, Cloud and application environments, thereby supporting a resilient and continuously improving defensive posture for the organisation. The profile spans junior and senior responsibilities from conducting technical tests to mentoring junior analysts and contributing to the strategic development of the offensive security function. These roles operate at the front line of proactive cyber defence; this role challenges entrenched security assumptions and identifies risks before adversaries do. It involves rapidly adapting to technological and threat landscape changes, staying current with emerging threats and tools, and meeting shifting regulatory and organisational demands. Analysts must collaborate effectively, operate ethically, and contribute to continual improvement, knowledge transfer, and maturity of the organisation’s offensive security capability. Principal Accountabilities • Conduct penetration tests, vulnerability scans, and red/purple team engagements across infrastructure, applications, cloud and OT environments. • Document findings, analyse exploitation risk, and contribute to technical and non-technical reporting. • Maintain and update offensive toolsets according to best practice • Support mitigation efforts and collaborate with other teams. • Assist in adversary simulation scenarios to improve detection and response maturity. • Maintain up to date knowledge of threats and offensive security techniques. • Participate in scoping and remediation reviews. • Maintain professional development and certifications. • Operate with high stands of legality and ethics. Essential Skills • Hands-on experience with offensive security tools and techniques (e.g., penetration testing frameworks, red/purple team tooling). • Understanding of common security vulnerabilities, exploitation methods, and security controls. • Good written and verbal communication for reporting and stakeholder engagement. Desirable Skills • CREST, CHECK, OSCP/OSCE or equivalent certification. • Experience in nuclear, defence, or critical infrastructure environments. • Experience integrating red team outcomes into blue team/detection engineering pipelines. Additional Information • Open VN • Number of Vacancies: 2 • Contact/s: Andrew Shutak The interviews for this vacancy are to be confirmed. ASW’s may have the right to apply for internal Sellafield Ltd vacancies. Please note if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification. If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency based interview. Competencies will be provided if you are invited to interview. Please see link to the competency framework for further information: https://slportal.ssa-intra.net/pub/SC001/00027/Competency%20Framework/Forms/AllItems.aspx If your technical competency is not in the above framework, please refer to the profession’s share point page for further information. Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk Please ensure that you save a copy of this advert for future reference if you make an application for this role. The closing date for this vacancy is Monday 20th July 2026. Back Offensive Security Analyst Job number SP06729 Profession IT Information Services Location Sellafield or Risley Contract type Internal Recruitment Posting date 5 July 2026 Closing date 20 July 2026 Band 4A Work Schedule Days Apply here Apply here