Academy Hive Member

ABOUT COVERTSWARM

Our goal is simple: We aim to compromise our clients, constantly. Our Hives – a specialist team – 'swarm' around our targets, always looking for a new way to compromise them. As a result, we provide security insights and advice based upon our client's technological controls and mitigating solutions, and propose improvements that can be made from a training, process, and physical control perspective.

THE ROLE

Open to all European (UK/Spain) based applicants over the age of 18, this fully paid 12-month programme will see you integrated into the dynamic world of red team operations as a CovertSwarm Hive member, through mentorship, industry-recognised qualifications, and specialisation in areas of interest.

As an Academy Hive Member, your primary focus will be on rapidly developing the skills and techniques that make a great ethical hacker. This includes soft skills such as project management, client communications and teamwork, as well as core technical skills such as:

• OSINT and Reconnaissance
• External Perimeter
• Web Applications
• Internal Infrastructure
• Social Engineering
• Phishing, Vishing and Physical

The 12-month programme is structured across four phases, with increasing client-facing responsibility as your capability grows. The first two months are internal-only, focused on operational grounding and reporting standards before you touch a client environment. From month three onward, you'll move through supervised delivery, growing ownership, and independent readiness – with promotion to full Hive member, the target by month 13.

Each Academy Member is supported by a shared mentor pool of domain specialists, a coach focused on your professional development, and a peer buddy to help you find your feet in the Hive culture.

RESPONSIBILITIES

As this is an entry level position, with the aim of training you to become Hive Members, you will share responsibilities with the Hive Members themselves, supporting them on day to day operations wherever possible.

• Act as a business contact for CovertSwarm clients, fostering and maintaining relationships with key stakeholders and business partners. Ensuring client communication throughout the engagement and contract.
• Perform cyber security assessment activities against complex networks, applications, operating systems, wired/wireless networks, and mobile applications/devices.
• Develop and maintain attack plans bespoke to each client to replicate an Advanced Persistent Threat (APT).
• Create high quality actionable, threat-based, reports on security assessment results, which the client is debriefed on fully following the completion of any assessments.
• Consult with application developers, systems administrators, and management to demonstrate security assessment results, explain the threat presented by the results, and consult on remediation.
• Communicate security issues to a wide variety of internal and external "customers" which will include technical teams, executives, risk groups, vendors, and regulators.

WHAT WE ARE LOOKING FOR

If you have a curious mindset, like problem solving, and are passionate about Cyber Security, we want to hear from you. We seek people with proven passion – not just an interest in the field, but a track record of going further. That might look like:

• A history of self-directed technical study outside of formal education
• Personal labs, coding projects, or contributions to security research
• Completion of entry-level certifications or platform challenges prior to applying
• A clear starting direction within offensive security – showing you see this as a vocation, not just an opportunity

Experience with learning platforms such as HackTheBox and TryHackMe is preferred but not a strict requirement.

BENEFITS

Aside from working with some of the most talented and passionate people in the industry we can also offer you:

• A fully remote role with only the need to travel to client sites when in-person meetings are required, or we are running our quarterly meetups.
• You will not have to use a word processor for report writing – we deliver the results of our endeavours through our bespoke online portal.
• A culture born of vulnerability research. Reporting missing HTTP headers and SSL/TLS weaknesses, and outdated software patch versions is just 'noise' in our view. We focus on the actual point of compromise and continually look for new ways to breach our clients.
• Work when you want – That does not have to be a 9-5, but we ask that the job is done well, and core meetings are attended online.
• We go to DEF CON every year (well, when it is not cancelled!)
• Software, hardware, and research materials are not bound by strict limits. If you need a resource to deliver to the best of your ability, we will aim to accommodate this.
• Unlimited Training – If it is relevant and will help you, your Hive team, and CovertSwarm to better breach and educate our clients, then you can do whatever training you need to fulfil this.
• Unlimited Holiday – We all need downtime, take it, whenever you need it. There are no prizes for burnout. You work to live, not live to work.
• Private Medical Insurance.
• Company Pension.
• Access to our Electric Vehicle salary sacrifice scheme (UK residents only).
• If you present at a major infosec event/hacker conference, then we will pay your expenses and give you a bonus to reflect this.
• No corporate politics – The continued growth of CovertSwarm as a business, the team, and the quality of our services depends upon us being radically candid with one another. Always.

We pay good salaries, have a brilliant culture, and some of our Board are hackers, too! However, if you are just chasing the biggest pay packet, or are driven by your ego, then we are not for you, and you are not for us.