Principal Security Researcher

Hello, let us introduce ourselves!

watchTowr is the Preemptive Exposure Management capability trusted by Fortune 500 companies and critical infrastructure providers.

By combining proactive threat intelligence, real attacker telemetry, and automated red teaming, watchTowr continuously identifies and validates real exposure - so security teams can outrun real-world threats.

When exploitation happens in hours, watchTowr delivers what no one else can: time to respond.

We are a global team of operators, researchers, and engineers who have spent years thinking like attackers - and we are now building the technology to stop them. Our work is recognised across the industry, with original vulnerability research from watchTowr Labs and innovations like Instinct and Attacker Eye shaping the future of cybersecurity.

Backed by $29M in funding, recognised by Gartner, and scaling fast across the globe, we are in a high-growth phase of our journey. We are a young, high-energy, and research-driven team, obsessed with building world-class technology - and we want exceptional people to join us.

But what’s the role?

We’re looking for offensive security experts to expand our watchTowr Labs team, and find vulnerabilities at scale across our client base.

Sounds great – what will I do?

• You will spend your days hacking - or professionally put, “looking for innovative, high-impact vulnerabilities in numerous organisations to fuel our engine”. No scope, no time restrictions, no limitations.
• You will be focused on looking for the vulnerabilities that matter — high-impact weaknesses that would have a material impact on our clients. We don’t care about weak SSL ciphers, we care about Remote Code Execution.
• Collaborate with other seasoned offensive experts to brainstorm new TTPs and expand our capability to compromise modern infrastructure.
• Conduct cutting-edge offensive research into new attack vectors across cloud, SaaS, modern web stacks, and Internet-exposed infrastructure.
• Work alongside Red Team Engineers to operationalise your discoveries at scale — no need to repeat work when we can build and automate.
• If your dream is to speak at conferences and present your research to the world - we will support you to make it happen!

Sounds perfect to me, what specifics are you looking for?

Ideal Experience

Ideally, you should have 5 or more equivalent real-world years of experience, with:

• Strong hands-on red teaming or offensive security experience targeting real-world, modern infrastructure .
• A clear understanding of how to compromise organisations without known CVEs
• Ability to look at entire organisation for weaknesses - unclear scopes, thinking outside of the box is your game.
• Basic scripting proficiency (e.g., Python , Go ) to automate testing, discovery, or exploit development.
• Hold industry-recognised certifications like CCSAS, CCT, CRT, or OSCP or equivalent real-world skills (maybe you just lived on IRC in the 2000s).
• Driven by your own passion and initiative - you understand the mission, and don’t need someone to guide you.

What’s in it for me?

• Competitive compensation - we believe that hard work, skills and ambition should be fairly compensated.
• Meaningful role in a company - You will be a key and early contributor to a fast-growing cybersecurity business that helps protect some of the world's largest enterprises.
• The best tools and powerful kit - we enable you with the tools to effectively fulfil your role.
• Endless opportunities – we are in a high-growth phase of our journey, and plan to promote from within as we scale.
• Work with cyber security experts – we are solving cutting-edge industry-wide cyber security challenges with some of the world’s most advanced organisations.

watchTowr is proud to be an Equal Opportunity Employer

At watchTowr, we’re dedicated to fostering an inclusive, respectful, and diverse environment where every individual is recognised for their talent and potential. Our hiring decisions are guided by your capabilities, experience, and what you bring to the role - not by unrelated personal attributes.

We have a zero-tolerance approach to any form of discrimination or harassment. This includes - but isn’t limited to - discrimination based on race, ethnicity, religion, colour, nationality, sex, sexual orientation, gender identity or expression, age, disability, pregnancy or parental status, veteran status, or any other characteristic protected by law.

We actively encourage people from all backgrounds to apply. Even if you don’t tick every box in the job description, we’d still love to hear from you.