WithSecure delivers offensive-driven cyber security to defend organisations, society and people from real-world attacks and build resilience into their approach. Our people are a mix of technical and creative experts - diverse, talented, and passionate - working tirelessly to help us advance the industry with new ways of thinking. They lead their own development, in and out of the office.
Who we're looking for
WithSecure are recruiting for our next generation of Associate Security Consultants! Starting in February 2025, this role will help you enter the world of cyber security, and help you develop your skillsets through our training, mentoring and support.
We're looking for people who are incredibly passionate and curious about cyber security - and about problem solving. Specifically, if either of the following sounds like you, consider applying:
- Recent graduates from a technical/science degree (e.g. Computer Science, Mathematics, Physics, Engineering)
- People without a relevant degree... but with demonstrably good Computing and problem-solving skills (e.g. from blogs, GitHub projects, or other research/public output)
Cyber security experience obviously helps! We're not expecting prior career experience, but if you're the sort of person who loves participating in CTFs, is going through all the labs on Hack The Box, or just got a new smart device as a present and is already trying to figure out how it works/how it breaks... then you might be exactly the sort of person we're looking for!
But your experience doesn't have to be in cyber security already - nor do you have to have a degree (and if you do, it doesn't have to be a Cyber Security one). First and foremost, we are looking for people who love solving problems. Taking a complex issue you've not encountered before, and decomposing it, picking it apart - thinking how to break it. Times, technologies and trends in cyber change - but that skillset is always fundamental.
We also expect a level of technical fundamentals and computing knowledge. You don't need to know every pentesting tool and methodology - but you should be familiar with how computers work, the basics of networking, operating systems, and possibly comfortable with programming. If you are familiar with a pentesting tool, you should be aware of how it works not just how to use it. Some examples that might come up in an interview:
- With reference to SQL injection - how would a potential payload work? What are the different components / statements / special characters? What does each do and why can attackers abuse this?
- With reference to the network scanning tool Nmap - how does it work? Not what are specific command-line arguments? But how does a TCP SYN scan work, compared to a TCP Connect scan? Or UDP?
- If you were put on a security assessment and just plugged into a client's network - what would happen? How would you acquire an IP address? How would you know what else is on the network? How could you figure it out?
- Which OS are you most comfortable with? How does its file system and permission model work? What are some sensitive things an attacker might target?
If you don't know the exact answer to those questions - that's not a deal breaker. Do you know the underlying technologies (the languages, networking protocols, OSs, etc.)? If you do, try and figure out the answer. How do you think it works and what's the logic? This is the sort of problem-solving we want to see.
The job / the detailsWe're looking to hire a group of new Associate Security Consultants, to start at the same time. By doing this, we hope this creates a sense of togetherness and community, and will mean you're all going through training at the same time.
For the first 3 months, you'll go through a period of training, designed to get you up-to-speed with everything you need to know, this will include:
- Dedicated line manager and mentor support, personalised to your strengths and weaknesses, and designed to help bring out your best. These people will help you find and explore your interests and can set you off on long-term career paths too.
- Exposure to the team of experts we have around the world. Across penetration testing, Red/Purple Team services, Security Transformation/Advisory work, and hyper-technical specialisms like Mainframe, Kubernetes, Mobile Security, Cloud Security, Hardware & Product Security and many more.
- Dedicated training courses - specifically for our fundamental skillsets: Application Security & Network Security. Depending on interests and needs on both sides, this may also include topics like Cloud, Mainframe and Mobile Security. As well as softer skills like time management, project scoping, client communication, and much more.
- Some self and guided-study - we firmly believe the best consultants are the autonomous ones. So, while you'll get a lot of training courses, and a lot of mentor/manager support, we also want you to drive your study yourself.
- Getting a start on relevant certifications, whether subject-matter specific ones such as cloud security certs, or industry standard ones like CREST, Cyber Scheme and Offensive Security certifications. We believe these are critical to the growth of any good Associate, and we cover the cost of our people doing these.
- Shadowing and practicing a range of different hands-on activities. This will include scoping new projects, client calls, and of course hands-on-keyboard penetration testing and security assessments. This will get you ready to deliver these projects yourself.
As an Associate Security Consultant, at the end of this program, you will be expected to deliver security assessments across our core areas (e.g. Application Security, Network Security and a few others). You will be supporting more experienced consultants - and learning on every job. As an Associate, your job is to be a sponge for information - learn, improve, and be better on each project than the one before it.
WithSecure consultants have an 80% utilisation target (for client work), meaning that 20% of your time will be spent doing some of the following:
- Training (receiving, as well as delivering)
- Research
- Internal Security Assessments
- Preparing for future work
This is an office-based role - however, a number of the team choose to work from home most of the time. WithSecure do not mandate that people come into the office; we trust our team to get their work done wherever. However, we like to see you and the team do regularly attend one of our two offices, whether to learn from each other, for training or client projects, or to socialise. Our offices are:
- London
- Manchester
This won't be all the time - most of our consultants work remotely most of the time! But during the first few months, you'll benefit most if you can attend training courses, shadow projects and learn from more senior colleagues in person. And after that, onsite work may be required, depending on the client work.
What we needWe solve complex cyber-security problems daily and to do so requires an interesting and comprehensive set of skills. To be successful at WithSecure and help our clients with their challenges you'll need the following:
WithSecure' s consultants are passionate about what they do. They have a passion for computers, hackings, security and most importantly, solving problems. If this wasn't your job, it would be your hobby.
At WithSecure Consulting, we believe in technical excellence, it's how we demonstrate our passion.
You're not going to be told what to do all the time - we will support your progression, but it will be up to you. With an understanding of what is important to the business and our client, you will be given opportunity to determine how your time is best spent. We are an output-driven business, this is to say that your output is what is ultimately important, we don't micromanage.
You will be working with the industry's top consultants. They are there to support you, provided that you demonstrate that you are doing your best.
Communication skills is as important as your technical abilities. The ability to write excellent reports will already be measured during your first 12 weeks at WithSecure. In addition to written communication skills, you are expected to have good verbal communication skills.
You will have the ability to explain complex technical issues to a wide range of audiences which often include senior business stakeholders.
- Ability to thrive in fast-paced environments
Consulting is hard work, and pressure is high. WithSecure has high standards and high expectations of consultants. We work with some of the biggest and most interesting businesses in the world. This inevitably results in often stressful but particularly exciting and rewarding work.
We are committed to creating a diverse and inclusive workplace that values and respects all people, regardless of their background, identity, or experience. We believe that diversity and inclusion are essential for our success as a company and for our customers' satisfaction. We encourage applications from people of all backgrounds, abilities, and perspectives.
If you need any accommodations during the application or interview process, please let us know.