Web vulnerability researcher
An opportunity to join a world-class web security research team and champion the sharing of knowledge about web security vulnerabilities and how to find them.
You thrive on sharing your knowledge and helping others to learn. You relish the idea of reaching a global audience and teaching them how to hack the web. Any of the following get you excited:
- Quirky variations on common vulnerabilities that make them harder to find or exploit.
- Chaining together low-risk vulnerabilities to enable a more serious attack.
- Devising ways to automate tasks that are normally done manually.
- Finding loopholes in input validation or other defenses that most testers give up on.
- Using out-of-band techniques to detect invisible vulnerabilities.
- Spotting overlooked wrinkles in well-worn topics that uncover new possibilities for exploitation.
- Devising and participating in CTF competitions.
- Sharing your expertise with others, through training courses, blog posts, or other output.
- Keep abreast of the latest research into web security vulnerabilities and detection techniques, by monitoring the output of other researchers and attending conferences such as AppSec.
- Continue honing your own penetration testing skills, by testing bug bounty sites and performing security testing of our own applications.
- Devise new labs for the Web Security Academy, showcasing interesting vulnerabilities based on your real-world experience or research developments. This will involve creating outline functional specifications for developers to implement.
- Provide subject matter expertise in the generation of learning materials for the Web Security Academy. This will involve producing skeleton outlines for new content (at the level of bullet lists), liaising with in-house technical writers, and reviewing draft materials.
- Use Burp Suite continuously as part of your bug bounty and research activities, monitor its performance and accuracy, and provide feedback to our product teams on potential enhancements.
- Produce blog posts and other output on general web security topics and the results of your own research.
- Web security expert, with deep and broad knowledge of vulnerabilities and how to find and exploit them.
- 5+ years of experience of penetration testing web applications.
- Power user of Burp Suite Professional and passionate about the product.
- Strong communicator, able to explain complex technical details to a less specialist audience.
- Effective team player with high EQ and low ego.
- Helpful, can-do attitude, generous in sharing time and knowledge with others.
- Good time management: able to manage own agenda, multi-task, and work to deadlines.
- A track record of published research on web security would be beneficial but is not critical.
Be well rewarded
We firmly believe in paying people what they're worth to us, not just what we can get away with or what they could earn elsewhere. We pay excellent salaries above the normal market level, and this is always determined based on your individual skills and contribution. In addition to a generous base salary, we offer share options and a comprehensive benefits package.
We are professional without being corporate. We encourage a positive work-life balance. We work hard but keep to a normal working day. We don't do stress. We offer a healthy, high-tech working environment. All our people work on the latest Macs, with dual monitors, sitting-standing desks, and (if they are so inclined) walking treadmills. We are a close-knit team. We have regular team lunches, evening social events, and amazing parties twice a year.
Job details: web vulnerability researcher
Timeframe: Permanent position.
Location: Knutsford, Cheshire, United Kingdom. We are minutes from the M6, and easily commutable from Manchester, Stockport, Wilmslow, Warrington, Chester, Crewe, Macclesfield, and Northwich. Note: We can offer a comprehensive relocation package and assistance with visas for applicants from outside of the UK.
Salary: We pay excellent salaries above the normal market level, and this is always determined based on your individual skills and contribution.
Benefits: Share options. 8% employer pension contribution. Life assurance: 4x salary. Income protection: full pay for first 6 months of incapacity followed by 75% of salary plus pension contribution. Private medical insurance (Bupa).
Holidays: 25 days plus public holidays.
Working hours: Core hours are 9am to 5pm, with flexibility to start any time between 8am and 9.30am