An opportunity to use your web testing expertise to help make Burp Suite even better.

Are you a seasoned penetration tester who knows web application security inside out? Do you love creating your own tools to work around weird problems? Have you got plenty of ideas for improving Burp, and maybe even written your own Burp extensions? Then this may be the opportunity for you.

We are looking for web security gurus whose main passion is writing great tools to use in penetration testing. You will:

Eligibility: A minimum of three years' experience working as a web security penetration tester or consultant.
Essential attributes:
  • Exceptional academic background, or commensurate track record in employment to demonstrate technical abilities.
  • Outstanding analytical and computational skills.
  • Strong interest in solving difficult and complex technical problems in imaginative ways.
  • Ability to learn quickly about unfamiliar technologies and work with them immediately.
  • Attention to detail and personal pride in the quality of work output.
  • High level of personal integrity.
  • Excellent communication and interpersonal skills.
  • Deep knowledge of core web technologies including HTTP, SSL, HTML, JavaScript, XML, JSON, and SOAP.
  • An understanding of object-oriented programming, the Java language and core APIs.
  • Substantial experience of creating your own security tools to support your work; experience of creating Burp extensions using Java would be a strong advantage.
  • Thorough understanding of web application security vulnerabilities, detection and exploitation techniques, and effective remediation.
  • Fluent English speaker.
Preferred attributes:
  • Understanding of Java APIs for networking, threading, reflection, and user interface (Swing).
  • Experience of reverse-engineering and analyzing non-standard data formats and protocols.
  • Understanding of emerging trends and technologies used in today's and tomorrow's web applications, and the ways these impact on penetration testing and security tools.
  • Working knowledge of Windows, Linux and OS X.
Timeframe: Permanent position.
Location: Knutsford, Cheshire, United Kingdom.
Remuneration: Extremely competitive salary and excellent benefits, dependent on skills and experience.
Company background: PortSwigger Web Security is a global leader in the creation of software tools for security testing of web applications. For nearly a decade, we have worked at the cutting edge of the web security industry, and our suite of tools is well established as the de facto standard toolkit used by web security professionals.

Not sure if we are right for you? Find out why you should work at PortSwigger Web Security .

Applications including CV via email to