Security Engineer

What we're offering (we know, everyone jumps to this section first!):

• Salary of £50-70k
• Share options so you benefit from our success
• 28 days paid holiday plus bank holidays, and an additional 5 unpaid if you want. Once you reach 3 years of service, you get an extra day of paid holiday every year until 7 years at Intruder
• Flexible working - most of the Security team works from home, but we have the option of an office in Shoreditch if you ever feel like some human connection!
• A yearly off-site for the whole company. Last year we went to a Croatian island

As a small but growing team, we're flexible and offer a level of autonomy that allows you to make meaningful and lasting contributions to Intruder and our customers.

We make it easier to not get hacked. Every day people sign up for online services, enter their personal data, and put themselves at risk. We work to enable these services to be better protected, making sure new vulnerabilities are found and closed rapidly before data can be stolen.

We do this with a powerful but easy to use platform that is low on noise and high on trust, information, and context - so when we say it's critical, companies know they have to act fast.

In the past 2 years, we have grown rapidly in product capability, customer base, revenue, and employee size. The next few years promise more of the same, with plenty of growth opportunities for us and our teams!

We are looking for a Security Engineer to write new vulnerability checks for the latest critical vulnerabilities, research breaking vulnerabilities, and discover new weaknesses in well-known products.

This role is varied and includes:

• Writing and maintaining vulnerability checks with Nuclei, OpenVAS and ZAP
• Providing industry leading insights into breaking vulnerabilities on Intruder Intel
• Monitoring customer targets for emerging critical weaknesses: Rapid Response
• Researching breaking vulnerabilities and reverse engineering well-known products to produce quality active vulnerability checks
• Delivering research findings as technical web content or talks at conferences
• Providing technical assistance on client calls, and assist at occasional events

• At least 2 years' industry experience in offensive security including knowledge and experience in some or all of the following:
  • Network penetration testing and a thorough understanding of network protocols
  • Web application penetration testing and a thorough understanding of application layer vulnerabilities
  • Developing, extending, or modifying detection and fingerprinting code
  • Developing, extending, or modifying exploits, shellcode or exploit tools
  • Automation of simple tasks and complex chains using Python, Ruby, or Golang
  • Interacting with Cloud services and assessing them for weaknesses
• One or more industry qualifications, for example:
• Offensive Security Certifications such as OSCP, OSWE, OSEP, OSED
• CREST Certifications such as CCT APP, CCT INF, CRT
• Comfortability with client-facing calls in a consultancy setting
• Excellent technical writeup skills

1. Company intro (30 minutes, remote): initial chat with People/Recruitment for you to learn more about the role and tell us what you're looking for
2. Security Intro (45 minutes, remote): introductory call to discuss your experience with a member of the Security team
3. Technical Task: a mini project to complete in your own time, before the final interview
4. Final Interview: (1 hour 30 minutes): final technical interview questions, and discussion of your technical task

Remote - UK

Remote status: Fully Remote