Principal Vulnerability Researcher

**Hello, let us introduce ourselves**

We are watchTowr, a VC-backed cyber-security start-up headquartered in Singapore. Cyber security veterans and technical experts, we are obsessed with continuously finding ways to break into enterprises, while building technology for some of the world’s most targeted organisations.

With experience informed by years of simulating attacks by ransomware gangs and APT groups against some of the world's largest organisations, our mission is to be every organisation’s persistent adversary - with cutting-edge technology.

As a team, we’re leveraging data to build the future of Attack Surface Management and Continuous Automated Red Teaming technology. We’ve seen the limitations of the status-quo - consultancy. Our mission is to enable organisations to rapidly react to new threats and ultimately answer that one elusive question - “how could my organisation be compromised today?”.

We are a young, high-energy and high-performing team that is devoted to building world-class technology in pursuit of realising our mission. We are in a high and aggressive growth phase of our journey and are excited to continue adding colleagues to join our phorce of nature.

Our vision for offensive security is continuous.

**But what’s the role?**

We are looking for a veteran Vulnerability Researcher to join the watchTowr Labs team, in our bid to help secure attack surfaces at scale.

watchTowr Labs is our epicentre of offensive security expertise, and has been designed to operate like an APT group.

This is a pure research role, with an equal focus split on analysing N-day vulnerabilities to build reliable detections/exploits, and 0-day research - looking at critical technology that we see across vast attack surfaces (whether it be cloud solutions, appliances, etc).

If something is exposed to the Internet - whether it’s SaaS, cloud, shadow IT, or the random marketing website everyone forgot about presents a weakness to their organisation - it’s our job to discover, highlight, and hack it.

This is the opportunity to work with a highly capable, veteran team - while having significant flexibility to have an impact on the security posture of the organisations we work with.

**Sounds great - what will I do?**
- You will spend your days hacking - or, professionally put, “looking for vulnerabilities in critical software”. Pure research.
- You will be focused on analysing and hunting for vulnerabilities that **matter** - truly exploitable weaknesses that would have a material impact on our clients. We don’t care about weak SSL ciphers and unexploitable “the stars must align” weaknesses - we care about mass Remote Code Execution.
- You’ll work with other offensive security experts to share ideas and brainstorm new tactics and techniques that we can use to demonstrate high-impact weaknesses in organisations.
- You’ll perform cutting-edge offensive security research to build and test your tactics and techniques. Our research has one goal - to strengthen external attack surfaces.
- Use our technology to deploy tactics and techniques at scale against all of our clients - our message is very clear, never do anything twice. Let our technology provide the harness and continuous framework you need.
- We’d encourage you and expect you to be submitting your work to conferences around the world - we will support you to make it happen

**Sounds perfect to me, what specifics are you looking for?**

**Ideal Experience**
- 5 or more years of professional, or passion-driven extracurricular, experience focused on vulnerability research and exploit development
- Comfortable with a broad spectrum of weaknesses - ranging from abusive logic-based vulnerabilities, to esoteric low-level, memory corruption vulnerabilities.
- A demonstrable history of analysing or disclosing impactful, complex vulnerabilities - via advisories, blog posts and conference presentations - in enterprise-grade software.
- Driven by your own passion and initiative - you understand the mission, and don’t need someone to guide you.
- You can comfortably turn your highly-technical analysis and exploitation process into internal documentation, and occasionally tailored to an external audience.

**Our Experience**

When you join us, you can expect (ok, we kinda expect this from you too):

- A highly motivated, experienced, offensive cyber team that obsesses over our shared mission.
- To be part of a team of outcome-focused problem-solvers.
- An environment of autonomy and creativity to support you to deliver the best work of your life.
- A culture of continuous improvement in the form of learning and growth.

**What’s in it for me?**
- **Competitive compensation -** we believe that hard work, skills and ambition should be fairly compensated.
- **Meaningful role in a company** - You will be a key and early contributor to a fast-growing cyber security business that helps protect some of the world's largest enterprises.