This website uses cookies to ensure you get the best experience.

watchTowr and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Skip to main content
watchTowr career site
Labs · UK · Fully Remote

Senior Deception Engineer

Hello, let us introduce ourselves!

watchTowr is the Preemptive Exposure Management capability trusted by Fortune 500 companies and critical infrastructure providers.

By combining proactive threat intelligence, real attacker telemetry, and automated red teaming, watchTowr continuously identifies and validates real exposure - so security teams can outrun real-world threats.

When exploitation happens in hours, watchTowr delivers what no one else can: time to respond.

We are a global team of operators, researchers, and engineers who have spent years thinking like attackers - and we are now building the technology to stop them. Our work is recognised across the industry, with original vulnerability research from watchTowr Labs and innovations like Instinct and Attacker Eye shaping the future of cybersecurity.

Backed by $29M in funding, recognised by Gartner, and scaling fast across the globe, we are in a high-growth phase of our journey. We are a young, high-energy, and research-driven team, obsessed with building world-class technology - and we want exceptional people to join us.

But what’s the role?

We are looking for a Senior Deception Engineer to join watchTowr Threat Intelligence, where you will design, build, and operate hyper-realistic deception infrastructure within our global Attacker Eye honeypot network. You’ll play a key role in expanding our offensive security and deception engineering capabilities, enabling real-time visibility into how organisations are actively targeted and compromised in the wild. This role is ideally based in the UK, with flexibility for the right candidate.

Sounds great – what will I do?

  • Help design, build, and operate large-scale deception infrastructure within our hyper-realistic Attacker Eye global honeypot network, emulating real-world systems, services, and applications exposed to the internet.

  • Engineer and maintain high-interaction deception assets that capture authentic attacker behavior, exploitation workflows, and post-exploitation activity across multiple protocols and technology stacks.

  • Continuously evolve deception tactics by tracking attacker tradecraft, emerging vulnerabilities, and exploitation techniques to ensure environments remain believable and resistant to fingerprinting.

  • Instrument, enrich, and analyze deception telemetry, transforming raw log data into high-quality signals.

  • Generate automated reports from raw log data, producing structured insights on attacker behavior, exploitation trends, and campaign activity for internal and external consumption.

  • Rapidly deploy new deception scenarios in response to emerging N-day and 0-day vulnerabilities, active exploitation campaigns, and shifts in adversary behavior.

  • Collaborate closely with Detection Engineering and Threat Intelligence teams to convert deception telemetry into production detections and actionable intelligence.

  • Share insights across the organization, working with Labs, Marketing, Product, and other teams to help communicate emerging threats, research findings, and attacker trends.

  • Contribute original research and publications, documenting attacker behavior, deception methodology, and exploitation patterns for both internal stakeholders and the wider security community.

  • Own and improve the deception lifecycle, from implementation, deployment through, data quality, and long-term signal value.

Sounds perfect to me, what specifics are you looking for?

Ideal Experience:

  • 7+ years in security engineering, offensive security, detection engineering, threat research, or related hands-on technical roles.

  • 3+ years working directly with honeypots, deception systems, or internet-facing security telemetry at scale.

  • Experience working in an early-stage B2B startup focusing on enterprise clients.

  • Strong understanding of attacker tradecraft, including exploitation chains, post-exploitation behavior, automation frameworks, and tooling.

  • Proven experience building or modifying network services, protocols, or application stacks to emulate real production environments.

  • Deep familiarity with Linux internals, networking, and common internet protocols (HTTP(S), SSH, SMTP, FTP, databases, RPC, etc.).

  • Strong Python proficiency, with experience writing custom services, emulators, instrumentation, and automation tooling.

  • Experience working with cloud infrastructure, containers, and infrastructure-as-code to deploy deception systems globally.

  • Comfort operating in high-noise, adversarial environments, iterating quickly as attackers adapt their behavior.

  • Familiarity with log pipelines and analysis platforms (e.g., OpenSearch / ELK) to validate deception quality and attacker engagement.

What’s in it for me?

  • Competitive compensation - we believe that hard work, skills and ambition should be fairly compensated.

  • Meaningful role in a company - You will be a key and early contributor to a fast-growing cybersecurity business that helps protect some of the world's largest enterprises.

  • The best tools and powerful kit - we enable you with the tools to effectively fulfil your role.

  • Endless opportunities – we are in a high-growth phase of our journey, and plan to promote from within as we scale.

  • Work with cyber security experts – we are solving cutting-edge industry-wide cyber security challenges with some of the world’s most advanced organisations.

watchTowr is proud to be an Equal Opportunity Employer

At watchTowr, we’re dedicated to fostering an inclusive, respectful, and diverse environment where every individual is recognised for their talent and potential. Our hiring decisions are guided by your capabilities, experience, and what you bring to the role - not by unrelated personal attributes.

We have a zero-tolerance approach to any form of discrimination or harassment. This includes - but isn’t limited to - discrimination based on race, ethnicity, religion, colour, nationality, sex, sexual orientation, gender identity or expression, age, disability, pregnancy or parental status, veteran status, or any other characteristic protected by law.

We actively encourage people from all backgrounds to apply. Even if you don’t tick every box in the job description, we’d still love to hear from you.

Department
Labs
Role
Senior Deception Engineer
Locations
UK
Remote status
Fully Remote
Labs · UK · Fully Remote

Senior Deception Engineer

Loading application form

Already working at watchTowr?

Let’s recruit together and find your next colleague.

Applicant tracking system by Teamtailor