DevSecOps Researcher

An opportunity to join a high-performing cybersecurity research team, and lead work around cloud security, automation, and secure agile development.


Based in Cheshire in the United Kingdom, PortSwigger Web Security is a global leader in the cybersecurity sector. Our cutting-edge software is used by over 50,000 customers in 150 countries to help them secure their web applications. Our educational and research output is used by millions of people globally to learn about web security.

We first made our name with Burp Suite, the leading software for web penetration testing. We have since broadened our focus with the release of Burp Suite Enterprise Edition, which is aimed at software development teams and large organizations with extensive web assets to defend.

Our dedicated research team has deep expertise in web security vulnerability discovery, detection, and exploitation techniques. In recent years, we have performed pioneering research into new vulnerability classes and new takes on old bugs, including web cache poisoning, server-side template injection, HTTP request smuggling, CORS misconfigurations, and AngularJS injection. Our research team has presented at numerous high-profile cybersecurity conferences, including Black Hat, AppSec, and DEF CON. We would now like to expand the expertise of our team and are looking for a world-class researcher with interests in cloud security and related subjects.

Role details: DevSecOps Researcher

Timeframe: Permanent position.

Location: Knutsford, Cheshire, United Kingdom.

For this role, we will support 100% remote working for the right candidate.

Note: If preferred, we can also offer a comprehensive relocation package and assistance with visas.

Salary: We pay excellent salaries above the normal market level, and this is always determined based on your individual skills and contribution.

Benefits: Share options, 8% employer pension contribution.

Life assurance: 4x salary.

Income protection: full pay for first 6 months of incapacity followed by 75% of salary plus pension contribution.

Private medical insurance (Bupa).

Holidays: 25 days plus public holidays.

Working hours: Core hours are 9am to 5pm, with flexibility to start any time between 8am and 9.30am.

About you

You're a cloud nerd, and proud of it.

You've got a proven track record of high-quality evidence-based research output on topics related to DevSecOps, cloud security, security automation, or security within the SDLC. You've shared your work through conference talks, blog posts, open source code, or training courses.

You've worked professionally in the cybersecurity space for many years, perhaps as a penetration tester or security engineer.

You thrive on horizon scanning for upcoming trends and challenges, and pushing the boundaries beyond what is currently perceived to be state-of-the-art or even possible.

Any of the following topics get you excited:

Key responsibilities

You will:

Essential skills

Be well rewarded

We firmly believe in paying people what they're worth to us, not just what we can get away with or what they could earn elsewhere. We pay excellent salaries above the normal market level, and this is always determined based on your individual skills and contribution. In addition to a generous base salary, we offer share options and a comprehensive benefits package.

Why join PortSwigger Web Security?

Meet the Swiggers

We are a diverse group of people with a wide range of interests and backgrounds. What Swiggers have in common is that they all love their work and are exceptionally good at what they do.

Jess H, Journalist

Mike S, Software Developer

Mohamed H, Software Developer