Application Security Researcher in London

We are seeking a highly motivated and technically proficient Senior Penetration Tester to join our security research division. This role is dedicated to performing advanced offensive security assessments against the biggest companies in the world. You need to be independent, attentive to details, organized, eager to learn new things, and like to research and solve problems.

What you’ll do:

• Lead and execute comprehensive, technically rigorous penetration tests targeting complex web applications, modern API architectures, and enterprise systems for organizations with significant global presence.
• Engage in sophisticated Red Team projects, including the identification of undisclosed API endpoints, development of novel bypass techniques for established security controls, and lateral movement within target environments.
• Contribute substantively to the design, development, and maintenance of proprietary internal security tools and automation frameworks to enhance the efficacy and efficiency of offensive operations.

Requirements:

• Minimum of 3 years of proven, hands-on experience in application security analysis, with a heavy emphasis on complex API penetration testing and a mastery of the OWASP Top 10 landscape.
• Strong experience with static and dynamic analysis of Android and iOS applications, including hands-on experience with techniques like detours, hooking, and runtime code manipulation.
• Deep, hands-on knowledge of the latest tactics, techniques, and procedures (TTPs) used in advanced penetration testing and network analysis.
• Ability to author comprehensive and technically rigorous reports detailing identified vulnerabilities and research outcomes.

Nice to have:

• OSCP, OSWE, eWPTXv2, CRTP, or other high-level offensive certifications.
• Hands-on experience with industry-standard reversing tools like JADX, Ghidra, or IDA Pro.
• Demonstrated online achievements, write-ups, or contributions on platforms such as HackTheBox, Pwn2Own, TryHackMe, Bug Bounty programs, or published security research.

About Alice:

Alice is a trust, safety, and security company built for the AI era. We safeguard the communicative technologies people use to create, collaborate, and interact—whether with each other or with machines. In a world where AI has fundamentally changed the nature of risk, Alice provides end-to-end coverage across the entire AI lifecycle. We support frontier model labs, enterprises, and UGC platforms with a comprehensive suite of solutions: from model hardening evaluations and pre-deployment red-teaming to runtime guardrails and ongoing drift detection.

THE CHALLENGES ALONG THE WAY:

1. Being Both Strategist and Executioner: One of the hardest parts of this role is that you’re both the visionary and the builder; the one drawing the map and paving the road. That means switching between high-level strategy and hands-on experimentation daily, and doing it while bringing others along with you. There’s no playbook for this kind of work. You’re paving an unpaved road, one small experiment at a time.
2. Balancing Security and Innovation: ActiveFence is the leading provider of security and safety solutions for online experiences, safeguarding more than 3 billion users, top foundation models, and the world’s largest enterprises and tech platforms every day. As a trusted ally to major technology firms and Fortune 500 brands that build user-generated and GenAI products, ActiveFence empowers security, AI, and policy teams with low-latency Real-Time Guardrails and a continuous Red Teaming program that pressure-tests systems with adversarial prompts and emerging threat techniques. Powered by deep threat intelligence, unmatched harmful-content detection, and coverage of 117+ languages, ActiveFence enables organizations to deliver engaging and trustworthy experiences at global scale while operating safely and responsibly across all threat landscapes.