Science - Red Team Engineer

iProov provides science-based biometric solutions that enable the world’s most security-conscious organizations to streamline secure remote onboarding and authentication for digital and physical access. Our award-winning liveness technology and iSOC offer unmatched resilience against deepfakes and generative AI threats while ensuring effortless, scalable user experiences. Trusted by leading governments and enterprises, including the U.S. Department of Homeland Security, U.K. Home Office, GovTech Singapore, ING, and UBS, iProov sets the standard in biometric identity assurance.

This global trust is built not only on our technology but on the strength of the people behind it. For us, diversity at iProov is about reflecting the customers we serve, holding the principles of equality and inclusion at the heart of everything we do and all that we stand for, embracing differences, creating possibilities, and growing together. We aim to foster a culture where individuals of all backgrounds feel confident in bringing their whole selves to work, feel included, and their talents are nurtured, empowering them to contribute fully to our purpose.

The Role

• Reports to: Head of Red Team
• Location: UK - Hybrid
• Comp: Negotiable (Base) + Company Performance Bonus (10%) + Share Options + UK iProov Benefits

As we continue to scale and grow, we are looking for an experienced Red Team Engineer focused on web platforms to join our growing Red Team function and ensure our system continues to deliver outstanding levels of biometric security and performance globally.

Our system has to provide the highest levels of biometric security to defend against the numerous and growing threats, whilst ensuring that we deliver outstanding performance for our millions of users worldwide. This is an exceptionally challenging problem as the nature of the threats evolves rapidly and there is a constant and growing need to track new threats, develop new defences and deploy in a timely and efficient manner.

How you can make an impact:

• Design and execute Red Team Operations against iProov’s biometric platform, web apps, APIs, identity flows.
• Strengthen the company’s security posture through offensive security assessments including the identification and exploitation of vulnerabilities across the web platform.
• Perform penetration testing and realistic security exercises to simulate various attack scenarios, to test and improve our detection and response capabilities, and to identify weaknesses in our infrastructure and products.
• Execute technical security assessments to identify risk, likelihood and impact an attacker may have on the System due to weak or missing controls.
• Conduct research into real-world threat actor tactics, techniques, and procedures (TTP’s) to develop proof-of-concept tools and replicate real world attacks.
• Present findings and operational work to groups in a clear and professional manner.
• Produce clear, actionable reports, risk-ranked remediation plans, and executive summaries aimed at product and engineering stakeholders.
• Collaborate with defenders, product teams, and leadership to translate findings into prioritized, actionable remediation and risk reduction.
• Bring insight into all aspects of modern security issues to our products and rapidly developing prototypes for mitigations.
• Mentor engineers in secure-by-design patterns, client-side security, and secure API design.
• Work hand-in-hand with developers to propose pragmatic mitigations, remediation plans, and detection logic for vulnerabilities discovered during engagements.
• Translate findings into engineering-friendly fix guidance (code-level suggestions, configuration changes, library upgrades, secure design alternatives) and where required create reproducible PoCs that safely demonstrate impact.
• Validate and re-test remediations and detection improvements (verify fixes, tune rules/signatures, confirm telemetry coverage).
• Integrate offensive findings into the SDLC: enable SCA (software composition analysis), SAST/DAST pipelines, pre-merge checks, and secure CI/CD practices.
• Ensure all work follows company policies, rules of engagement (ROE), and legal/regulatory requirements.

What we would like to see from you:

• 5+ years of experience in ethical hacking, vulnerability research, exploit development, penetration testing or being a member of a red team, with significant focus on web application security.
• Strong hands-on experience attacking and defending modern web tech stacks.
• Proficient with offensive web toolsets (Burp Suite, OWASP ZAP) and experienced building extensions/scripts.
• Experience with developing and maintaining web-focused tooling and automation (Burp extensions, custom scanners, authenticated API fuzzers, GraphQL mutation explorers, Puppeteer/Playwright scripts).
• Experience with source code reviewing for control flow and security flaws.
• A passion for constructively breaking things.
• Want to be part of an ambitious, high-growth startup company.
• Written and verbal communication skills in English.

Benefits:

• 25 days Annual Leave, plus 8 Bank Holidays (more holiday with service - up to an extra 5 days off per year based on your continuous service).
• Growth Shares allocated after passing probation (6 months of service).
• Salary sacrifice schemes including: Pension, Cycle To Work and Electric Car Scheme.
• Nursery Sacrifice Scheme.
• Work Overseas Perk - Work globally for up to 2 weeks.
• Life Assurance.
• SmartHealth - Access to private GP, Psychologist, Nutritionist along with tailored fitness plans for both you and your family.
• Award winning L&D platform with personal allocated training budgets.
• Benefit from personalized 1:1 career coaching with our in-house Occupational Psychologist.
• Enhanced paid family leave.
• Flexible hybrid working environment.
• Free Barista Coffee/Tea, biscuits with fruit in the WeWork office.
• Free access to WeWork discounts and free online well-being sessions.
• Vitality Health - a range of options available on this below.
• The Vitality Programme includes a number of reward benefits that all employees have access to as part of the plan, for example: Private Health cover including Dental, Optical, and Audiology.
• 50% off monthly gym memberships.
• Apple watches significantly discounted based on member vitality status.
• Half price trainers with Runners Need.
• Weekly rewards – Free coffee with Café Nero.
• Monthly rewards – Free Cinema ticket.
• Discounts on travel with Expedia (hotels) and Mr & Mrs Smith with discounts getting greater throughout the year based on members vitality status.
• Amazon prime free months based on activity.
• Up to 25% cashback at Waitrose when buying healthy foods.
• 75% off stays at Champneys Health Spas.
• Allen Carr’s £299 no smoking programme for free.
• Access to Vitality Healthy Mind with 30% off Headspace subscriptions and the ability to earn Vitality points for using Buddhify, Calm and Headspace.
• Discounts on Weight Watchers.

Our Culture & Recruitment Process

At iProov, we’re incredibly proud of the culture we’ve carefully curated. Our culture enables diverse thought, curiosity and innovation. Our team strives to do everything to the highest standard possible to achieve the remarkable. To do that we need different perspectives, experiences and ideas alongside an environment where these are welcomed - we want everyone to feel confident in bringing their full capabilities to work. We firmly believe psychological safety is key to building and nurturing great teams. We’re a small and dynamic company, that means having the right skills is important, and we know that our best work emerges when people feel secure, welcomed and respected.

As an equal opportunities employer, we encourage applications from people of all backgrounds. We’re committed to building a workforce that is representative of the people we serve. We will not put someone at a disadvantage or treat them less favourably because of race, color, national origin, ancestry, age, disability, creed, religion or belief, sex, sexual orientation, gender reassignment, marriage or civil partnership, or pregnancy and maternity. Our goal is to find people who are passionate about creating a safer, more secure world.

Our recruitment process is designed to be fair and transparent, focusing solely on your qualifications, competence, and suitability for the role. We review all applications carefully and will be in touch with shortlisted candidates regarding the next steps in our interview process. If you need an adjustment for a disability or any other reason during the hiring process, please send a request to careers@iproov.com.