At a Glance
- Tasks: Conduct cutting-edge research to uncover cloud security vulnerabilities and improve our product.
- Company: Join a dynamic team at Tracebit, working with top security firms globally.
- Benefits: Flexible working hours, remote options, and opportunities for professional growth.
- Other info: Collaborate with industry leaders and represent Tracebit at global conferences.
- Why this job: Make a real impact in the security community while developing your skills.
- Qualifications: 5+ years in offensive security, strong coding skills, and a passion for research.
The predicted salary is between 70000 - 90000 £ per year.
Our product helps security teams quickly and accurately detect intrusions in their cloud environment using canaries - decoys deployed to deceive attackers. Our research has already made an impact: We've disclosed vulnerabilities in Google's Gemini CLI. We work with some of the world's leading security teams at companies like Snyk, Riot Games, and Docker. We're at a key stage: we need someone to expand and formalize our research function, turning findings into actionable insights and engaging content while helping Tracebit contribute to the wider security community.
Who we're looking for:
- 5+ years in offensive security or vulnerability research with deep focus on cloud platforms (AWS, Azure, GCP). You've found and disclosed vulnerabilities before.
- Published security researcher. Track record of blog posts, conference talks, CVEs, or bug bounty submissions. You know how to communicate technical findings clearly.
- Technical. Comfortable writing and reading code, and analysing data. You can write scripts, build tooling, and create detection rules.
- Self-directed. You're excited to build a research practice from scratch without perfect processes or large teams.
About the role:
- Reporting to Sam, our CTO and Co-Founder, you'll expand our security research practice and conduct novel research that directly improves our product.
- Your core focus:
- Conduct deep technical research into complex cloud services to uncover novel attack vectors.
- Investigate real-world attacks across cloud environments, identity providers (IDPs), and infrastructure-as-a-service (IaaS) platforms.
- Help our team design new canary types and improve our product based on your research.
- Publish research through blog posts, conference talks (BlackHat, RSA, BSides, fwd:cloudsec), and community engagement.
- Monitor the threat landscape and proactively research emerging attack techniques to write detections and blog posts.
- Represent Tracebit at industry conferences globally and build relationships with other researchers.
- You’ll find attack vectors, write content, and see our engineering team deploy your findings to protect customers.
FAQs:
- Where is the office? The whole team works together in an office right next to Warren Street tube station - there are lots of great places to grab lunch nearby.
- Are you doing hybrid/remote? This role can be based either in our London office or fully remote. We are an office-first company - all of our team works together in London 5 days a week. However, we're making an exception for this role given the nature of the work and the need to hire the best talent in this space. If you're based in London, you'll work from our office. If you're remote, we expect you to visit London at least quarterly to collaborate with the team in person.
- What are the working hours like? We think 9am-6pm will bring a great cadence to work. As a Security Researcher there will definitely be times you need to pick up work outside of these hours, we're keen to limit this where we can but also offer flexibility in return.
- Can you sponsor visas? We can support various types of working visas in the UK, including: Skilled Worker Visa (both from within and outside the UK) Intra-Company Transfer Visa. We are keen to support candidates who require visa sponsorship. Please let us know which specific visa type you might need during the initial application or interview process. Our team is committed to helping talented individuals navigate the necessary visa requirements.
Security Researcher employer: Tracebit
At Tracebit, we pride ourselves on being an exceptional employer that fosters a collaborative and innovative work culture. Our London office, conveniently located near Warren Street tube station, offers a vibrant environment where security researchers can thrive, with opportunities for professional growth through engaging with leading industry conferences and contributing to the wider security community. We value flexibility and support our team members with visa sponsorship, ensuring that talented individuals from diverse backgrounds can join us in making a meaningful impact in cloud security.
StudySmarter Expert Advice🤫
We think this is how you could land Security Researcher
✨Tip Number 1
Network like a pro! Reach out to folks in the security community, especially those at companies like Snyk or Riot Games. Attend conferences and engage with researchers; you never know who might have a lead on your dream job.
✨Tip Number 2
Show off your skills! Create a portfolio of your research, blog posts, and any talks you've given. This is your chance to demonstrate your expertise and passion for security research, so make it shine!
✨Tip Number 3
Don’t just apply anywhere—apply through our website! Tailor your application to highlight your experience with cloud platforms and vulnerability research. We want to see how you can contribute to our mission at Tracebit.
✨Tip Number 4
Prepare for interviews by brushing up on your technical skills. Be ready to discuss your past findings and how they can translate into actionable insights for our team. Confidence and clarity are key!
We think you need these skills to ace Security Researcher
Some tips for your application 🫡
Show Off Your Experience:Make sure to highlight your 5+ years in offensive security or vulnerability research. We want to see your track record of finding and disclosing vulnerabilities, so don’t hold back on those achievements!
Communicate Clearly:Since you’ll be turning complex findings into engaging content, it’s crucial to demonstrate your ability to communicate technical details clearly. Use examples from your blog posts or talks to showcase this skill.
Be Yourself:We’re looking for someone self-directed who can build a research practice from scratch. Let your personality shine through in your application – we want to know what excites you about this role!
Apply Through Our Website:Don’t forget to apply through our website! It’s the best way for us to keep track of your application and ensure it gets the attention it deserves. We can’t wait to hear from you!
How to prepare for a job interview at Tracebit
✨Know Your Stuff
Make sure you brush up on your knowledge of cloud platforms like AWS, Azure, and GCP. Be ready to discuss specific vulnerabilities you've found and disclosed in the past. This role is all about technical depth, so showing that you can talk shop confidently will impress the interviewers.
✨Showcase Your Work
Prepare a portfolio of your published research, blog posts, or conference talks. If you've got CVEs or bug bounty submissions, bring those up too! Being able to demonstrate your contributions to the security community will highlight your expertise and passion for the field.
✨Be Ready to Think on Your Feet
Expect some technical questions that require you to think critically and solve problems on the spot. Practice explaining complex concepts clearly and concisely, as communication is key in this role. They want someone who can turn technical findings into actionable insights, so show them you can do just that!
✨Cultural Fit Matters
Research Tracebit's culture and values. They’re looking for someone self-directed who can build a research practice from scratch. Be prepared to discuss how you work independently and collaborate with teams, even if you're remote. Showing that you align with their mission and values will set you apart.
