Domain Abuse Operational Analyst

Date: 23 Apr 2026

Location:

Oxford, GB, OX4 4DQ

Company: Nominet

Contract Type: Permanent

Location: Hybrid, with a minimum of 20% in the Oxford office per month

About Us:

We’re Nominet – a world-leading domain name registry operating at the heart of the UK internet. While we're best known for running .UK domains, our DNS expertise also underpins critical internet infrastructure that government services, including the NHS, rely on.

As a public benefit company, our work has a positive impact on society. We’ve donated millions to projects that use technology to improve people’s lives and have committed to delivering £60m worth of support over the next three years.

The Role:

The Domain Abuse Operational Analyst plays a vital role in Nominet’s mission to make .UK the safest country code top-level domain (ccTLD) in the world. This role is focused on the day-to-day operational management of domain abuse reports, supporting investigations, and helping to ensure timely and effective mitigation of malicious activity.

As a key member of the Domain Abuse team, you will be responsible for triaging abuse reports, conducting investigations, and supporting the continuous improvement of detection and response processes. Your work will directly contribute to the health and integrity of the .UK registry and help protect users from online harm.

This is an ideal opportunity for someone with a strong interest in cyber threat operations and a desire to build hands-on experience and develop their skills further.

What You'll Be Doing:

Investigating domain abuse reports using internal tools and open-source intelligence (OSINT), escalating complex cases when needed

Supporting operational workflows and identifying ways to improve our tools, processes and automation

Assisting in the development and refinement of detection rules and identifying patterns in malicious activity

Liaising with registrars and other external stakeholders to help resolve abuse cases

Collaborating with internal teams (Security, Policy, Legal etc.) to support a coordinated abuse strategy

Maintaining accurate records and contributing to reporting, knowledge sharing and continuous improvement

About You:

Working knowledge of common cyber threats (phishing, malware distribution, domain hijacking, and fraud)

Experience with ticketing and documentation systems to correctly record evidence, actions, and decisions.

Curious and analytical mindset with a strong interest in cyber threats and online safety

Understanding of using tools like WHOIS/RDAP and open-source intelligence platforms

Strong communicator with the ability to summarise investigations clearly and accurately

Comfortable following standard operating procedures and suggesting improvements

Nice to have:

Awareness of cyber threat intelligence (CTI) and its application in operational environments

Initial understanding and appreciation of regulatory considerations affecting domain abuse (for e.g., GDPR) and legal requirements around online safety

Understanding of DNS and domain infrastructure, and experience with relevant tools such as WHOIS/RDAP, passive DNS, amongst others.

Basic scripting or data analysis skills to support investigation or automation

Experience working with registrars, ISPs, or within DNS environments

What To Expect Next:

1st stage: Introduction call with a member of the TA team (30 mins)
2nd stage: Hiring manager interview (60 mins) (upfront preparation for a given scenario will be required)
3rd stage: Values interview (30 mins)

What We Offer:

Hybrid & Flexible Working
Early Finish Friday – Working week of 34 hours with full-time pay. (Finish at midday on Friday) 
30 days of annual leave plus bank holidays, with the ability to purchase an additional 5 days. 
Private Medical Insurance + Employee Assistance Programme 
Medicash
Pension Scheme (Matched to 7%)
Annual Bonus Scheme 
Family Leave (Enhanced)
Electric vehicle scheme with on-site charging points* 
Rewards platform with access to discounts at hundreds of shops, restaurants etc.*
*Flexible Benefits

Diversity Statement:

We're passionate about creating a workplace where every individual is valued, respected, and empowered. Somewhere we can benefit from all forms of diversity and discover the true value in our differences. If there are any adjustments we could make to the recruitment and selection process to support you, please let us know

Security Statement

Nominet is committed to the safeguarding and welfare of the internet and expects all employees and volunteers to share this commitment by participating in the relevant security and screening processes. All roles working for Nominet will be subject to a Baseline Personnel Security Standard (BPSS) check. Some roles due to the nature of their work, will require additional security clearance.