Security Consultant / Security Engineer / Penetration Tester
Intruder is an online vulnerability scanner that finds cyber security weaknesses in your most exposed systems, to avoid costly data breaches.
**Please note we are currently only accepting applications from candidates with an existing right to work in the UK**
Intruder is a fast-growing cyber security start-up that’s been through prestigious accelerators including the GCHQ Cyber Accelerator. Providing an integrated vulnerability scanning platform, Intruder helps companies easily identify, track, and fix cyber security weaknesses before they get hacked. Intruder has its headquarters in London, UK, and provides cyber security services to thousands of customers worldwide. Learn more about Intruder’s platform, services, and growing team here.
We need the best security minds to help make sure our platform is always at the cutting edge of the industry, while simultaneously delivering the bespoke security consultancy and penetration testing that many of our customers need.
A successful security consultant at Intruder should have a deep understanding of both information security and technology. They should understand basic concepts including computer networking, web technologies, and cloud services. They will also have knowledge of common network defence tools and techniques, and their associated weaknesses. Successful consultants should also be able to learn advanced techniques in vulnerability detection, advanced fingerprinting, and security control evasion/bypass.
This role is highly technical and challenging with opportunities to help solve some complex problems within the vulnerability detection and monitoring space.
You are expected to quickly process new information so that you can stay ahead of the changing cyber security landscape and apply what you know to our customer’s attack surface, and the Intruder platform. You will be expected to identify, evaluate, and understand all access vectors for each customer’s environment and automate your approach.
You'll need to be a consultant first and foremost, with the ability to manage your own schedule and speak to clients being as important as your technical ability as a hacker. You'll also need to understand the important difference between a technical vulnerability and a business risk, as our clients need us to speak their language as well as ours.
You will be required to conduct continuous vulnerability discovery/bug hunting against a subset of our customers. You will need to carry out checks from the penetration testing methodology at scale against multiple customers simultaneously. This will require a problem-solving mindset and an ability to rapidly automate tasks. As part of the continuous vulnerability discovery/bug hunting you will have to review automated scan results and triage results to determine whether findings are accurate.
You will also be required to independently perform external infrastructure, web application, and cloud-focused penetration tests. This will include the full delivery lifecycle from scoping through to final report delivery.
We need you to help maintain our methodologies and tooling and where appropriate suggest changes and make improvements, to ensure that we continue to detect the most recent vulnerabilities.
A core part of your role will be to contribute to the continuous improvement and maintenance of the Intruder platform itself. This will include:
- Researching and appraising novel vulnerability detection and discovery techniques which can be incorporated into improved vulnerability scanning plans
- Identifying new and novel ways to reduce false-positive detections within our platform and working to provide proof-of-concept code
- Writing new security issue descriptions and recommendations to ensure that they are accurate, business impact focused, actionable, and comprehensive
- Tracking emerging vulnerabilities and attack techniques to discover additional weaknesses on Intruder customer networks
As part of the team, you will be expected to undertake research and document your findings. You may be asked to present your findings internally to the wider team, and publicly at conferences and public speaking events. You will also be expected to contribute to Intruder’s blog, either by providing content or helping others in the team develop content.
We're still a small team, so you'll also occasionally need to weigh in on a request from a customer or help at an event. As such, this role would suit someone looking for some variety to their role. As much as we want you to deliver, we also expect a candidate to bring their own ideas to the table and suggest ways for us to improve as a product and a business.
What’s in it for you
For this intermediate-level role, we are offering a competitive salary of £35,000 - £60,000 per year, depending upon your existing experience and skill set. We also want you to benefit from the success you create. Great companies are built by great people, so we offer share options to all employees, depending on experience and salary.
We're a friendly team and we work in an enjoyable but professional working environment. We're not a traditional consultancy in that our focus is primarily on our platform and product, so we don't run our consultants at 100% utilisation. There's plenty of time for other activities, like doing security research, hunting for additional bugs for our customers, or writing blog articles, where this aligns with company objectives.
We’re based in London, UK, but we are open to remote working arrangements. Some of our team members are already working remotely, but if you’re able to visit our office on occasion to meet the team that would be a benefit. Our focus is on internet-exposed systems, which means that we do not require you to travel to customer sites to deliver internal penetration tests.
As a small team we are flexible and offer a certain level of autonomy that allows you to make meaningful and lasting contributions to Intruder, and our customers.
The ideal candidate must
- Have at least 2 years' industry experience in offensive security (we are a small team and are not currently able to provide training at a foundational level)
- Be comfortable with client-facing calls, and penetration test scoping
- Have a technical academic background in cyber security or software engineering
- Have attained one or more of the following industry qualifications:
  - CREST Certified Infrastructure Tester (CCT INF)
  - CREST Certified Web Application Tester (CCT APP)
  - CREST Registered Penetration Tester (CRT)
  - Offensive Security Certified Professional (OSCP)
  - Offensive Security Evasion Techniques and Breaching Defences (OSEP)
  - Offensive Security Web Expert (OSWE)
  - Penetration Testing and Ethical Hacking/Purple Team SANS courses
- Have experience in at least five of the following:
  - Network penetration testing and a thorough understanding of network protocols
  - Web application penetration testing and a thorough understanding of application layer vulnerabilities
  - Automation of simple tasks and complex chains using Python, Ruby, or Go (Golang)
  - Developing, extending, or modifying detection and fingerprinting in different formats, including NASL, YML, Python, Java
  - Developing, extending, or modifying exploit code, shellcode or exploit tools
  - Strong knowledge of tools used for web application, and network security testing including commercial vulnerability scanning engines
  - Cloud services, including how to interact with, and assess them for weaknesses
- Demonstrate a high standard of technical aptitude
- Have an excellent command of written English
- Be able to document and explain technical details in a concise, understandable manner
- Be able and willing to manage their own time across multiple tasks