Principal Red Team Analyst

**Hello, let us introduce ourselves**

We are watchTowr, a VC-backed cyber-security start-up headquartered in Singapore. Cyber security veterans and technical experts, we are obsessed with continuously finding ways to break into enterprises, while building technology for some of the world’s most targeted organisations.

With experience informed by years of simulating attacks by ransomware gangs and APT groups against some of the world's largest organisations, our mission is to be every organisation’s persistent adversary - with cutting-edge technology.

As a team, we’re leveraging data to build the future of Attack Surface Management and Continuous Automated Red Teaming technology. We’ve seen the limitations of the status-quo - consultancy. Our mission is to enable organisations to rapidly react to new threats and ultimately answer that one elusive question - “how could my organisation be compromised today?”.

We are a young, high-energy and high-performing team that is devoted to building world-class technology in pursuit of realising our mission. We are in a high and aggressive growth phase of our journey and are excited to continue adding colleagues to join our phorce of nature.

Our vision for offensive security is continuous.

**But what’s the role?**

We are looking for passionate offensive security experts to join us in the watchTowr Labs team, as Lead Red Team Analysts - and help find innovative, unique vulnerabilities at scale across our client base. This is a role with both remote and Singapore-based options

watchTowr Labs is our epicentre of offensive security expertise, and has been designed to operate like an APT group. This is not consultancy work, project-based work, or engagements restricted by scope/time/budget. Enterprises rely on our technology and approach to look at their organisations holistically, and continuously, as if they were being continuously red-teamed.

If something is exposed to the Internet - whether it’s SaaS, cloud, shadow IT, or the random marketing website everyone forgot about presents a weakness to their organisation - it’s our job to discover it, highlight it, and hack it.

This is the opportunity to use your expertise and creativity to continuously find ways to break into some of the world and region’s largest brands, enterprises and businesses - and not be limited by a scope, time restrictions or repetitive client engagements.

**Sounds great - what will I do?**
- You will spend your days hacking - or professionally put, “looking for innovative, high-impact vulnerabilities in numerous organisations to fuel our engine”. No scope, no time restrictions, no limitations.
- You will be focused on looking for the vulnerabilities that **matter**:

- high-impact weaknesses that would have a material impact on our clients. We don’t care about weak SSL ciphers, we care about Remote Code Execution.
- You’ll work with other offensive security experts to share ideas and brainstorm new tactics and techniques that we can use to demonstrate high-impact weaknesses in organisations.
- You’ll be performing cutting-edge offensive security research to build and test your own high-impact tactics and techniques. Our research has one goal - strengthen external attack surfaces.
- By working closely with our Red Team Engineers, your tactics and techniques will be deployed at scale to all of our clients, and implemented into our technology - our message is very clear, never do anything twice, let our technology provide the harness and continuous framework you need.
- If your dream is to speak at conferences and present your research to the world - we will support you to make it happen

**Sounds perfect to me, what specifics are you looking for?**

**Ideal Experience**

Ideally, you should have 3 or more years of experience, with:

- Involvement in red-team exercises with large enterprises.
- You know how you'd break into enterprises without a known vulnerability or a CVE.
- Prolific experience in the bug bounty space - unclear scopes, thinking outside of the box is your game.
- Have basic scripting skills in GoLang and/or Python.
- Hold industry-recognised qualifications, like CCSAS/CCT/CRT/OSCP.
- Driven by your own passion and initiative - you understand the mission, and don’t need someone to guide you.

**Our Experience**

When you join us, you can expect (ok, we kinda expect this from you too):

- A highly motivated, experienced, offensive cyber team that obsesses over our shared mission.
- To be part of a team of outcome-focused problem-solvers.
- An environment of autonomy and creativity to support you to deliver the best work of your life.
- A culture of continuous improvement in the form of learning and growth.

**What’s in it for me?**
- **Competitive compensation - **we believe that hard work, skills and ambition should be fairly compensated.
- **Meaningful role in a company**:

- You will be a key and early contributor to a fast-growing cyber s