Security Consultant/Penetration Tester
**Please note we are currently only accepting applications from candidates with an existing right to work in the UK**
Intruder is a fast-growing cyber security start-up that’s been through prestigious accelerators including CyLon and the GCHQ Cyber Accelerator. Providing an integrated vulnerability scanning platform, Intruder helps companies easily identify, track, and fix cyber security weaknesses before they get hacked. Intruder has its headquarters in London, UK, and provides cyber security services to over 1000 customers worldwide. Learn more about Intruder’s platform, services, and growing team here.
We need the best security minds to help make sure our platform is always at the cutting edge of the industry, while simultaneously delivering the bespoke security consultancy and penetration testing that many of our customers need.
A successful security consultant at Intruder should have a deep understanding of both information security and technology. They should understand basic concepts including computer networking, web technologies, and cloud services. They will also have knowledge of common network defence tools and techniques, and their associated weaknesses. Successful consultants should also be able to learn advanced techniques in vulnerability detection, advanced fingerprinting, and security control evasion/bypass.
This role is highly technical and challenging with opportunities to help solve some complex problems within the vulnerability detection and monitoring space.
You are expected to quickly process new information so that you can stay ahead of the changing cyber security landscape and apply what you know to our customers’ attack surface and the Intruder platform. You will be expected to identify, evaluate, and understand all access vectors for each customer’s environment and automate your approach.
You'll need to be a consultant first and foremost, with the ability to manage your own schedule and speak to clients being as important as your technical ability as a hacker. You'll also need to understand the important difference between a technical vulnerability and a business risk, as our clients need us to speak their language as well as ours.
You will be required to independently perform external infrastructure, web application, web service and cloud-focused penetration tests. This will include the full delivery lifecycle from initial contact through to final report delivery and close out.
You will also be required to conduct continuous vulnerability discovery/bug hunting against a subset of our customers. You will need to carry out checks from the penetration testing methodology at scale against multiple customers simultaneously. This will require a problem-solving mindset and an ability to rapidly automate tasks. As part of the continuous vulnerability discovery/bug hunting, you will have to review and triage automated scan results to determine whether findings are accurate.
We need you to help maintain our methodologies and tooling and, where appropriate, suggest changes and make improvements, to ensure that we continue to detect the most recent vulnerabilities.
A core part of your role will be to contribute to the continuous improvement and maintenance of the Intruder platform itself. This will include:
As part of the team, you will be expected to undertake research and document your findings. You may be asked to present your findings internally to the wider team, and publicly at conferences and public speaking events. You will also be expected to contribute to Intruder’s blog, either by providing content or helping others in the team develop content.
We're still a small team, so you'll also occasionally need to weigh in on a request from a customer or help at an event. As such, this role would suit someone looking for some variety in their role. As much as we want you to deliver, we also expect a candidate to bring their own ideas to the table and suggest ways for us to improve as a product and a business.
What’s in it for you
For this intermediate-level role, we are offering a competitive salary of £35,000 - £60,000 per year, depending upon your existing experience and skill set. We also want you to benefit from the success you create: great companies are built by great people, so we offer share options to all employees, depending on experience and salary.
We're a friendly team and we work in an enjoyable but professional working environment. We're not a traditional consultancy in that our focus is primarily on our platform and product, so we don't run our consultants at 100% utilisation. There's plenty of time for other activities, like doing security research, hunting for additional bugs for our customers, or writing blog articles, where this aligns with company objectives.
We’re based in London, UK, but we are open to remote working arrangements. Some of our team members are already working remotely, but if you’re able to visit our office on occasion to meet the team, that would be a benefit. Our focus is on internet-exposed systems, which means that we do not require you to travel to customer sites to deliver internal penetration tests.
As a small team, we are flexible and offer a certain level of autonomy that allows you to make meaningful and lasting contributions to Intruder and our customers.
The ideal candidate must