An opportunity to pursue cutting-edge research on web security, and help devise enhancements to Burp Suite.

Do you know web application security inside out? Do you enjoy penetration testing, but prefer pure research? Then this may be the opportunity for you.

We are looking for web security experts with a track record of delivering original research and new ideas within the industry. You will:

  • Devise and carry out your own research projects, focusing on new techniques for automating attacks and tests against web applications.
  • Present your work at leading industry conferences worldwide, and build your public reputation.
  • Help design and advise on enhancements to Burp Suite, often based on the results of your research.
  • Spend up to a third of your time* on penetration testing of web applications.
  • Work directly with Dafydd Stuttard (aka PortSwigger), creator of Burp Suite, and author of The Web Application Hacker’s Handbook.

*Note: We want you to continue with some testing, to keep your knowledge current and see Burp in action against real-world applications. We do not have utilization targets, and this is an expected upper limit.

Eligibility: A minimum of three years' experience working as a web security penetration tester or consultant.
Essential attributes:
  • Exceptional academic background, or commensurate track record in employment to demonstrate technical abilities.
  • Thorough understanding of web application security vulnerabilities, detection and exploitation techniques, and effective remediation.
  • A track record of publishing credible original research within the infosec industry, via conference talks, books, blog posts, or other channels.
  • A strong interest in methods for automating the discovery of vulnerabilities in web applications, using both dynamic and static techniques.
  • Deep knowledge of core web technologies including HTTP, SSL, HTML, JavaScript, XML, JSON, and SOAP.
  • Understanding of emerging trends and technologies used in today's and tomorrow's web applications, and the ways these impact on penetration testing and security tools.
  • Strong programming skills in more than one language.
  • Experience of creating your own security tools to support your work. Experience of creating Burp extensions using Java, Python or Ruby would be a strong advantage.
  • Experience of reverse-engineering and analyzing non-standard data formats and protocols.
  • Outstanding analytical and computational skills.
  • Strong interest in solving difficult and complex technical problems in imaginative ways.
  • Ability to learn quickly about unfamiliar technologies and work with them immediately.
  • Attention to detail and personal pride in the quality of work output.
  • High level of personal integrity.
  • Excellent communication and interpersonal skills.
  • Fluent English speaker.
Preferred attributes:
  • An interest in emerging trends in development practices, including continuous delivery and DevOps, and the ways in which security tools can fit into the development lifecycle.
  • Working knowledge of Windows, Linux and OS X.
Timeframe: Permanent position.
Location: Knutsford, Cheshire, United Kingdom.
Remuneration: Extremely competitive salary and excellent benefits, dependent on skills and experience.
Company background: PortSwigger Web Security is a global leader in the creation of software tools for security testing of web applications. For nearly a decade, we have worked at the cutting edge of the web security industry, and our suite of tools is well established as the de facto standard toolkit used by web security professionals.

Not sure if we are right for you? Find out why you should work at PortSwigger Web Security.

Please send applications, including a CV, by email to careers@portswigger.net.