At a Glance
- Tasks: Lead advanced penetration tests and engage in Red Team projects for top global companies.
- Company: Join Alice, a cutting-edge trust and security company for the AI era.
- Benefits: Competitive salary, flexible work options, and opportunities for professional growth.
- Other info: Dynamic team environment with opportunities to showcase your skills and creativity.
- Why this job: Make a real impact in cybersecurity while working with innovative technologies.
- Qualifications: 3+ years in application security, strong API testing skills, and coding proficiency.
The predicted salary is between 60000 - 80000 £ per year.
We are seeking a highly motivated and technically proficient Senior Penetration Tester to join our security research division. This role is dedicated to performing advanced offensive security assessments against the biggest companies in the world. You need to be independent, attentive to details, organized, eager to learn new things, and like to research and solve problems.
What you’ll do:
- Lead and execute comprehensive, technically rigorous penetration tests targeting complex web applications, modern API architectures, and enterprise systems for organizations with significant global presence.
- Engage in sophisticated Red Team projects, including the identification of undisclosed API endpoints, development of novel bypass techniques for established security controls, and lateral movement within target environments.
- Contribute substantively to the design, development, and maintenance of proprietary internal security tools and automation frameworks to enhance the efficacy and efficiency of offensive operations.
Requirements:
- Minimum of 3 years of proven, hands‑on experience in application security analysis, with a heavy emphasis on complex API penetration testing and a mastery of the OWASP Top 10 landscape.
- Proficiency in developing and automating tasks using at least one language like Python, JavaScript, or GoLang.
- Strong experience with static and dynamic analysis of Android and iOS applications, including hands‑on experience with techniques like detours, hooking, and runtime code manipulation.
- Deep, hands‑on knowledge of the latest tactics, techniques, and procedures (TTPs) used in advanced penetration testing and network analysis.
- Ability to author comprehensive and technically rigorous reports detailing identified vulnerabilities and research outcomes.
Nice to have:
- OSCP, OSWE, eWPTXv2, CRTP, or other high‑level offensive certifications.
- Hands‑on experience with industry‑standard reversing tools like JADX, Ghidra, or IDA Pro.
- Demonstrated online achievements, write‑ups, or contributions on platforms such as HackTheBox, Pwn2Own, TryHackMe, Bug Bounty programs, or published security research.
About Alice:
Alice is a trust, safety, and security company built for the AI era. We safeguard the communicative technologies people use to create, collaborate, and interact‑whether with each other or with machines. In a world where AI has fundamentally changed the nature of risk, Alice provides end‑to‑end coverage across the entire AI lifecycle. We support frontier model labs, enterprises, and UGC platforms with a comprehensive suite of solutions: from model hardening evaluations and pre‑deployment red‑teaming to runtime guardrails and ongoing drift detection.
Application Security Researcher employer: Alice
At Alice, we pride ourselves on being an exceptional employer that fosters a culture of innovation and continuous learning. Our team of skilled professionals enjoys a collaborative work environment where they can engage in cutting-edge security research while contributing to the safety of AI technologies. With ample opportunities for professional growth and development, employees are empowered to take on challenging projects that make a real impact in the industry.
StudySmarter Expert Advice🤫
We think this is how you could land Application Security Researcher
✨Tip Number 1
Network like a pro! Attend industry meetups, conferences, or online webinars related to application security. Engaging with professionals in the field can lead to valuable connections and potential job opportunities.
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your penetration testing projects, write-ups, or contributions to platforms like HackTheBox. This not only demonstrates your expertise but also makes you stand out to potential employers.
✨Tip Number 3
Prepare for interviews by practising common technical questions and scenarios related to application security. We recommend doing mock interviews with friends or using online platforms to get comfortable with the process.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are proactive about their job search!
We think you need these skills to ace Application Security Researcher
Some tips for your application 🫡
Tailor Your CV:Make sure your CV is tailored to the Application Security Researcher role. Highlight your experience with penetration testing, especially around APIs and the OWASP Top 10. We want to see how your skills match what we're looking for!
Show Off Your Projects:If you've worked on any cool security projects or have contributions on platforms like HackTheBox or Bug Bounty programs, don’t hold back! We love seeing practical examples of your work that demonstrate your expertise.
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you're passionate about application security and how you can contribute to our team. We want to know what makes you tick and why you’re excited about this role.
Apply Through Our Website:We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands. Plus, it shows us you’re serious about joining our team at StudySmarter!
How to prepare for a job interview at Alice
✨Know Your Stuff
Make sure you brush up on your application security knowledge, especially the OWASP Top 10. Be ready to discuss your hands-on experience with API penetration testing and any relevant tools you've used. This shows you're not just familiar with the theory but can apply it in real-world scenarios.
✨Show Off Your Projects
If you've worked on any interesting Red Team projects or developed security tools, be sure to mention them. Bring examples of your work or contributions to platforms like HackTheBox or Bug Bounty programs. This demonstrates your passion and practical skills in the field.
✨Prepare for Technical Questions
Expect some tough technical questions during the interview. Practice explaining complex concepts clearly and concisely. You might be asked about specific techniques like detours or hooking, so make sure you can articulate your understanding and experience with these methods.
✨Ask Insightful Questions
At the end of the interview, don’t forget to ask questions that show your interest in the company and the role. Inquire about their current security challenges or how they approach new technologies. This not only shows your enthusiasm but also helps you gauge if the company is the right fit for you.
