At a Glance
- Tasks: Conduct cutting-edge research to uncover cloud security vulnerabilities and improve our product.
- Company: Join a dynamic team at Tracebit, working with top security firms globally.
- Benefits: Flexible working hours, remote options, and opportunities for professional growth.
- Other info: Collaborate with industry leaders and represent Tracebit at global conferences.
- Why this job: Make a real impact in the security community while developing your skills.
- Qualifications: 5+ years in offensive security, strong coding skills, and a passion for research.
The predicted salary is between 70000 - 90000 £ per year.
Our product helps security teams quickly and accurately detect intrusions in their cloud environment using canaries - decoys deployed to deceive attackers. Our research has already made an impact: We've disclosed vulnerabilities in Google's Gemini CLI. We work with some of the world's leading security teams at companies like Snyk, Riot Games, and Docker. We're at a key stage: we need someone to expand and formalize our research function, turning findings into actionable insights and engaging content while helping Tracebit contribute to the wider security community.
Who we're looking for:
- 5+ years in offensive security or vulnerability research with deep focus on cloud platforms (AWS, Azure, GCP).
- You've found and disclosed vulnerabilities before.
- Published security researcher.
- Track record of blog posts, conference talks, CVEs, or bug bounty submissions.
- You know how to communicate technical findings clearly.
- Comfortable writing and reading code, and analysing data.
- You can write scripts, build tooling, and create detection rules.
- Self-directed. You're excited to build a research practice from scratch without perfect processes or large teams.
About the role:
- Reporting to Sam, our CTO and Co-Founder, you'll expand our security research practice and conduct novel research that directly improves our product.
- Your core focus:
- Conduct deep technical research into complex cloud services to uncover novel attack vectors.
- Investigate real-world attacks across cloud environments, identity providers (IDPs), and infrastructure-as-a-service (IaaS) platforms.
- Help our team design new canary types and improve our product based on your research.
- Publish research through blog posts, conference talks (BlackHat, RSA, BSides, fwd:cloudsec), and community engagement.
- Monitor the threat landscape and proactively research emerging attack techniques to write detections and blog posts.
- Represent Tracebit at industry conferences globally and build relationships with other researchers.
- You’ll find attack vectors, write content, and see our engineering team deploy your findings to protect customers.
FAQs:
- Where is the office? The whole team works together in an office right next to Warren Street tube station - there are lots of great places to grab lunch nearby.
- Are you doing hybrid/remote? This role can be based either in our London office or fully remote. We are an office-first company - all of our team works together in London 5 days a week. However, we're making an exception for this role given the nature of the work and the need to hire the best talent in this space. If you're based in London, you'll work from our office. If you're remote, we expect you to visit London at least quarterly to collaborate with the team in person.
- What are the working hours like? We think 9am-6pm will bring a great cadence to work. As a Security Researcher there will definitely be times you need to pick up work outside of these hours, we're keen to limit this where we can but also offer flexibility in return.
- Can you sponsor visas? We can support various types of working visas in the UK, including: Skilled Worker Visa (both from within and outside the UK) Intra-Company Transfer Visa. We are keen to support candidates who require visa sponsorship. Please let us know which specific visa type you might need during the initial application or interview process. Our team is committed to helping talented individuals navigate the necessary visa requirements.
Security Researcher in London employer: Tracebit
At Tracebit, we pride ourselves on being an exceptional employer that fosters a collaborative and innovative work culture. Our London office, conveniently located near Warren Street tube station, offers a vibrant environment where security researchers can thrive, with opportunities for professional growth through engaging with leading industry conferences and contributing to the security community. We value flexibility and support our team members with visa sponsorship, ensuring that talented individuals from diverse backgrounds can join us in making a meaningful impact in the world of cloud security.
StudySmarter Expert Advice🤫
We think this is how you could land Security Researcher in London
✨Tip Number 1
Network like a pro! Reach out to folks in the security community, especially those who work at companies like Snyk or Riot Games. Attend meetups or conferences, and don’t be shy about sharing your research – it could lead to some great opportunities!
✨Tip Number 2
Show off your skills! Create a portfolio of your past work, including any vulnerabilities you've disclosed or blog posts you've written. This will not only demonstrate your expertise but also give potential employers a taste of what you can bring to the table.
✨Tip Number 3
Engage with the community! Publish your findings on platforms like Medium or GitHub, and consider speaking at conferences. This not only builds your reputation but also shows that you're passionate about contributing to the wider security landscape.
✨Tip Number 4
Apply through our website! We’re always on the lookout for talented individuals who can help us expand our research function. Don’t hesitate to showcase your unique approach to security research when you apply!
We think you need these skills to ace Security Researcher in London
Some tips for your application 🫡
Show Off Your Experience:Make sure to highlight your 5+ years in offensive security or vulnerability research. We want to see your track record of finding and disclosing vulnerabilities, so don’t hold back on those impressive achievements!
Communicate Clearly:Since you’ll be turning complex findings into actionable insights, it’s crucial to demonstrate your ability to communicate technical information clearly. Use straightforward language and avoid jargon where possible to make your application stand out.
Be Yourself:We’re looking for someone self-directed and excited about building a research practice from scratch. Let your personality shine through in your application – we want to know what makes you tick and how you approach challenges!
Apply Through Our Website:Don’t forget to apply through our website! It’s the best way for us to keep track of your application and ensure it gets the attention it deserves. We can’t wait to see what you bring to the table!
How to prepare for a job interview at Tracebit
✨Know Your Stuff
Make sure you brush up on your offensive security knowledge, especially around cloud platforms like AWS, Azure, and GCP. Be ready to discuss any vulnerabilities you've found and disclosed in the past, as well as your experience with bug bounties or CVEs.
✨Showcase Your Communication Skills
Since you'll need to communicate complex technical findings clearly, prepare to explain your previous research or projects in a way that's easy to understand. Think about how you can present your work as if you're talking to someone who's not as technical.
✨Be Ready to Discuss Research Ideas
Come prepared with some ideas for novel research you could conduct at Tracebit. Think about potential attack vectors or emerging techniques you’ve noticed in the threat landscape that could be relevant to their product.
✨Engage with the Community
Tracebit values community engagement, so be ready to talk about your involvement in the security community. Whether it's blog posts, conference talks, or collaborations, show how you can contribute to building relationships and sharing knowledge.
