Based in Cheshire in the United Kingdom, PortSwigger Web Security is a global leader in the cybersecurity sector. Our cutting-edge software is used by over 50,000 customers in 150 countries to help them secure their web applications. Our educational and research output is used by millions of people globally to learn about web security.
We first made our name with Burp Suite, the leading software for web penetration testing. We have since broadened our focus with the release of Burp Suite Enterprise Edition, which is aimed at software development teams and large organizations with extensive web assets to defend.
Our dedicated research team has deep expertise in web security vulnerability discovery, detection, and exploitation techniques. In recent years, we have performed pioneering research into new vulnerability classes and new takes on old bugs, including web cache poisoning, server-side template injection, HTTP request smuggling, CORS misconfigurations, and AngularJS injection. Our research team has presented at numerous high-profile cybersecurity conferences, including BlackHat, AppSec, and DEF CON. We would now like to expand the expertise of our team and are looking for a world-class researcher with interests in cloud security and related subjects.
Timeframe: Permanent position.
Location: Knutsford, Cheshire, United Kingdom.
For this role, we will support 100% remote working for the right candidate.
Note: If preferred, we can also offer a comprehensive relocation package and assistance with visas.
Salary: We pay excellent salaries above the normal market level, and this is always determined based on your individual skills and contribution.
Benefits: Share options, 8% employer pension contribution.
Life assurance: 4x salary.
Income protection: full pay for first 6 months of incapacity followed by 75% of salary plus pension contribution.
Private medical insurance (Bupa).
Holidays: 25 days plus public holidays.
Working hours: Core hours are 9am to 5pm, with flexibility to start any time between 8am and 9.30am.
You're a cloud nerd, and proud of it.
You've got a proven track record of high-quality evidence-based research output on topics related to DevSecOps, cloud security, security automation, or security within the SDLC. You've shared your work through conference talks, blog posts, open source code, or training courses.
You've worked professionally in the cybersecurity space for many years, perhaps as a penetration tester or security engineer.
You thrive on horizon scanning for upcoming trends and challenges, and pushing the boundaries beyond what is currently perceived to be state-of-the-art or even possible.
Any of the following topics get you excited:
DevSecOps and "Shift left".
Security automation within CI/CD and in deployed/production environments.
Automated asset discovery.
Any cloud-enabling technology, including virtualization, containers and orchestration, clustering, infrastructure as code, software-defined networks, and serverless computing.
Machine learning, and particularly its potential applications to security automation.
Doing all of the above at extreme scale.
Pioneer new research into cloud security, DevSecOps, security automation, asset discovery, and related topics. We expect that this will comprise at least 50% of the role, and underpin several of the other activities.
Share your research output publicly through blog posts, conference talks, and other channels.
Continuously monitor major cloud technology stacks as the PortSwigger subject matter expert and understand their security implications from an offensive and defensive perspective.
Liaise closely with customers who are performing security automation at scale, to understand their use cases, functional requirements, deployment modes, and likely future trends.
Collaborate with our software development teams who are working on cloud-based usage and SaaS, to help shape product strategy, functional requirements, and implementation alternatives.
Be involved in relationships with key strategic partners, including public cloud providers and large-scale consumers of cloud services.
Deliver internal training to software engineers, product managers, customer support agents, and others.
Experience of software development and working knowledge of programming and scripting languages.
Experience of working in or alongside agile development teams.
Excellent knowledge of modern web technologies covering the whole stack including network protocols and architecture, server-side application platforms, microservices, and storage technologies.
Working knowledge of AWS, Azure, and GCP, and deep knowledge of at least one of these platforms covering the full range of cloud-enabling technologies.
Broad understanding of general web security concepts, and of vulnerabilities specifically affecting cloud platforms and virtualized environments.
Ability to communicate research output in a clear and compelling form, and a track record of high-quality, publicly shared research.
We firmly believe in paying people what they're worth to us, not just what we can get away with or what they could earn elsewhere. We pay excellent salaries above the normal market level, and this is always determined based on your individual skills and contribution. In addition to a generous base salary, we offer share options and a comprehensive benefits package.
We like to have fun (why else would we make a product called Burp?).
We are professional without being corporate.
We encourage a positive work-life balance. We work hard but keep to a normal working day. We don't do stress.
We offer a healthy, high-tech working environment. All our people work on the latest Macs, with dual monitors, sitting-standing desks, and (if they are so inclined) walking treadmills.
We are a close-knit team. We have regular team lunches, evening social events, and amazing parties twice a year.
We are a diverse group of people with a wide range of interests and backgrounds. What Swiggers have in common is that they all love their work and are exceptionally good at what they do.
Jess H, Journalist
Mike S, Software Developer
Mohamed H, Software Developer