Principal Security Researcher in London

Join to apply for the Principal Security Researcher role at watchTowr. watchTowr is the Preemptive Exposure Management capability trusted by Fortune 500 companies and critical infrastructure providers. By combining proactive threat intelligence, real attacker telemetry, and automated red teaming, watchTowr continuously identifies and validates real exposure so security teams can outrun real‐world threats.

We are a global team of operators, researchers, and engineers who think like attackers and build the technology to stop them. Our work is recognised across the industry with original vulnerability research from watchTowr Labs and innovations such as Instinct and Attacker Eye shaping the future of cybersecurity. Backed by $29 M in funding, recognised by Gartner and scaling fast across the globe, we are in a high‐growth phase of our journey.

What’s the role?

We’re looking for offensive security experts to expand our watchTowr Labs team and find vulnerabilities at scale across our client base.

• Spend your days hacking – or, professionally, "looking for innovative, high‐impact vulnerabilities in numerous organisations to fuel our engine". No scope, no time restrictions, no limitations.
• Focus on the vulnerabilities that matter – high‐impact weaknesses that would have a material impact on our clients.
• Collaborate with other seasoned offensive experts to brainstorm new TTPs and expand our capability to compromise modern infrastructure.
• Conduct cutting‐edge offensive research into new attack vectors across cloud, SaaS, modern web stacks, and Internet‐exposed infrastructure.
• Work alongside Red Team Engineers to operationalise your discoveries at scale.
• If your dream is to speak at conferences and present your research to the world – we will support you to make it happen!

Ideal Experience

• Strong hands‐on red teaming or offensive security experience targeting real‐world, modern infrastructure.
• A clear understanding of how to compromise organisations without known CVEs.
• Ability to look at an entire organisation for weaknesses – unclear scopes, thinking outside the box is your game.
• Basic scripting proficiency (e.g., Python, Go) to automate testing, discovery, or exploit development.
• Hold industry‐recognised certifications such as CCSAS, CCT, CRT, or OSCP, or equivalent real‐world skills.
• Driven by your own passion and initiative – you understand the mission and don’t need someone to guide you.

What’s in it for me?

• Competitive compensation – we believe that hard work, skills, and ambition should be fairly compensated.
• Meaningful role in a company – you will be a key and early contributor to a fast‐growing cybersecurity business that helps protect some of the world’s largest enterprises.
• The best tools and powerful kit – we enable you with the tools to effectively fulfil your role.
• Endless opportunities – we are in a high‐growth phase of our journey and plan to promote from within as we scale.
• Work with cyber security experts – we are solving cutting‐edge industry‐wide cyber security challenges with some of the world’s most advanced organisations.

watchTowr is proud to be an Equal Opportunity Employer. At watchTowr, we’re dedicated to fostering an inclusive, respectful, and diverse environment where every individual is recognised for their talent and potential. Our hiring decisions are guided by your capabilities, experience, and what you bring to the role — not by unrelated personal attributes.

We have a zero‐tolerance approach to any form of discrimination or harassment. This includes, but isn’t limited to, discrimination based on race, ethnicity, religion, colour, nationality, sex, sexual orientation, gender identity or expression, age, disability, pregnancy or parental status, veteran status, or any other characteristic protected by law. We actively encourage people from all backgrounds to apply. Even if you don’t tick every box in the job description, we’d still love to hear from you.