An opportunity to join a high-performing cybersecurity research team, and lead work around cloud security, automation, and secure agile development.


Based in Cheshire in the United Kingdom, PortSwigger Web Security is a global leader in the cybersecurity sector. Our cutting-edge software is used by over 48,000 customers in 140 countries to help them secure their web applications. Our educational and research output is used by millions of people globally to learn about web security.

We first made our name with Burp Suite, the leading software for web penetration testing. We have since broadened our focus with the release of Burp Suite Enterprise Edition, which is aimed at software development teams and large organizations with extensive web assets to defend.

Our dedicated research team has deep expertise in web security vulnerability discovery, detection, and exploitation techniques. In recent years, we have performed pioneering research into new vulnerability classes and new takes on old bugs, including web cache poisoning, server-side template injection, HTTP request smuggling, CORS misconfigurations, and AngularJS injection. Our research team has presented at numerous high-profile cybersecurity conferences, including BlackHat, AppSec, and DEF CON. We would now like to expand the expertise of our team and are looking for a world-class researcher with interests in cloud security and related subjects.

About you

You're a cloud nerd, and proud of it.

You've got a proven track record of high-quality evidence-based research output on topics related to cloud security, security automation, or security within the SDLC. You've shared your work through conference talks, blog posts, open source code, or training courses.

You've worked professionally in the cybersecurity space for many years, perhaps as a penetration tester or security engineer.

You thrive on horizon scanning for upcoming trends and challenges, and pushing the boundaries beyond what is currently perceived to be state-of-the-art or even possible.

Any of the following topics get you excited:

Key responsibilities

You will:

Essential skills

Be well rewarded

We firmly believe in paying people what they're worth to us, not just what we can get away with or what they could earn elsewhere. We pay excellent salaries above the normal market level, and this is always determined based on your individual skills and contribution.

In addition to a generous base salary, we offer share options and a comprehensive benefits package.

Why join PortSwigger Web Security?

Job details: cloud security researcher

Timeframe Permanent position.
Location Knutsford, Cheshire, United Kingdom.
We are minutes from the M6, and easily commutable from Manchester, Stockport, Wilmslow, Warrington, Chester, Crewe, Macclesfield, and Northwich.
Note: We can offer a comprehensive relocation package and assistance with visas for applicants from outside of the UK.
Salary We pay excellent salaries above the normal market level, and this is always determined based on your individual skills and contribution.
Benefits Share options.
8% employer pension contribution.
Life assurance: 4x salary.
Income protection: full pay for first 6 months of incapacity followed by 75% of salary plus pension contribution.
Private medical insurance (Bupa).
Holidays 25 days plus public holidays.
Working hours Core hours are 9am to 5pm, with flexibility to start any time between 8am and 9.30am.

To apply, or ask any questions, please email

PortSwigger people at work Web security researchers