Job Application for Principal Security Researcher at watchTowr

Hello, let us introduce ourselves!

We are watchTowr, a VC-backed cyber security startup helping organisations continuously discover vulnerabilities in their Internet-facing attack surface. Cyber security veterans and technical experts, we are obsessed with building cybersecurity technology to help prevent breaches.

With experience informed by years of simulating sophisticated cyber attacks against some of the world's largest organisations, our mission is to enable organisations to continuously understand how an attacker would successfully compromise their business - with cutting-edge Attack Surface Management and Continuous Automated Red Teaming technology.

watchTowr was named within Gartner’s Emerging Tech Impact Radar report in 2023, in Gartner's Innovation Impact report for ASM in 2024, and is utilised by Fortune 500 and other large enterprises globally. Our research is well-known and respected across the cybersecurity industry, and can be found in various news outlets - while fuelling the watchTowr Platform.

We are a young, high-energy and high-performing team delivering world-class technology to help our clients prevent breaches. We are in a high and aggressive growth phase of our journey, and are excited to continue adding colleagues to join our phorce of nature.

Our vision for offensive security is continuous.

But what’s the role?

We are looking for passionate offensive security experts to join us in the watchTowr Labs team, as a Principal Security Researcher - and help find innovative, unique vulnerabilities at scale across our client base. This is remote-based role in the UK.

watchTowr Labs is our epicentre of offensive security expertise, and has been designed to operate like an APT group. This is not consultancy work, project-based work, or engagements restricted by scope/time/budget. Enterprises rely on our technology and approach to look at their organisations holistically, and continuously, as if they were being continuously red-teamed.

If something is exposed to the Internet - whether it’s SaaS, cloud, shadow IT, or the random marketing website everyone forgot about that presents a weakness to their organisation - it’s our job to discover it, highlight it, and hack it.

This is the opportunity to use your expertise and creativity to continuously find ways to break into some of the world and region’s largest brands, enterprises and businesses - at scale.

Sounds great – what will I do?

You will spend your days hacking - or professionally put, “looking for innovative, high-impact vulnerabilities in numerous organisations to fuel our engine”. No scope, no time restrictions, no limitations.
You will be focused on looking for the vulnerabilities that matter - high-impact weaknesses that would have a material impact on our clients. We don’t care about weak SSL ciphers, we care about Remote Code Execution.
You’ll work with other offensive security experts to share ideas and brainstorm new tactics and techniques that we can use to demonstrate high-impact weaknesses in organisations.
You’ll be performing cutting-edge offensive security research to build and test your own high-impact tactics and techniques. Our research has one goal - strengthen external attack surfaces.
By working closely with our Red Team Engineers, your tactics and techniques will be deployed at scale to all of our clients, and implemented into our technology - our message is very clear, never do anything twice, let our technology provide the harness and continuous framework you need.
If your dream is to speak at conferences and present your research to the world - we will support you to make it happen!

Sounds perfect to me, what specifics are you looking for?

Ideal Experience

Ideally, you should have 5 or more years of experience, with:

Involvement in red-team exercises with large enterprises.
You know how you'd break into enterprises without a known vulnerability or a CVE.
Prolific experience in the bug bounty space (or just, lived on IRC in the 2000s) - unclear scopes, thinking outside of the box is your game.
Have basic scripting skills in GoLang and/or Python.
Hold industry-recognised qualifications, like CCSAS/CCT/CRT/OSCP (or just, lived on IRC in the 2000s)
Driven by your own passion and initiative - you understand the mission, and don’t need someone to guide you.

Our Experience

When you join us, you can expect (ok, we kinda expect this from you too):

A highly motivated, experienced, offensive cyber team that obsesses over our shared mission.
To be part of a team of outcome-focused problem-solvers.
An environment of autonomy and creativity to support you to deliver the best work of your life.
A culture of continuous improvement in the form of learning and growth.

What’s in it for me?

Competitive compensation - we believe that hard work, skills and ambition should be fairly compensated.
Meaningful role in a company - You will be a key and early contributor to a fast-growing cyber security business that helps protect some of the world's largest enterprises.
The best tools and powerful kit - we enable you with the tools to effectively fulfil your role.
Endless opportunities – we are in a high-growth phase of our journey, and plan to promote from within as we scale.
Work with cyber security experts – we are solving cutting-edge industry-wide cyber security challenges with some of the world’s most advanced organisations.
Work hard, play hard - we work hard together, but we also have fun together. On Fridays, we regularly turn on the speakers, open the beer fridge, and prepare for the weekend.

Note: This role is a UK-based remote role. Please note that at this time, we cannot sponsor visas for candidates currently residing outside the UK – we apologise in advance for this.