This website uses cookies to ensure you get the best experience.

watchTowr and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Skip to main content
Labs · UK, Singapore · Fully Remote

Vulnerability Engineer

Hello, let us introduce ourselves!

watchTowr is the Preemptive Exposure Management capability trusted by Fortune 500 companies and critical infrastructure providers.

By combining proactive threat intelligence, real attacker telemetry, and automated red teaming, watchTowr continuously identifies and validates real exposure - so security teams can outrun real-world threats.

When exploitation happens in hours, watchTowr delivers what no one else can: time to respond.

We are a global team of operators, researchers, and engineers who have spent years thinking like attackers - and we are now building the technology to stop them. Our work is recognised across the industry, with original vulnerability research from watchTowr Labs and innovations like Instinct and Attacker Eye shaping the future of cybersecurity.

Backed by $29M in funding, recognised by Gartner, and scaling fast across the globe, we are in a high-growth phase of our journey. We are a young, high-energy, and research-driven team, obsessed with building world-class technology - and we want exceptional people to join us.

But what’s the role?

We're looking for a Vulnerability Engineer that understands the full lifecycle from discovery to detection to deployment. You'll split your time between hands-on vulnerability research, building production-quality tooling, and pushing the boundaries of how LLMs can accelerate offensive security workflows.

This isn't a pure vulnerability research role. This isn't a pure engineering role. It's both; and more.

The role can be based in the UK or Singapore.

Sounds great – what will I do?

  • Conduct security research across both 0-days and n-days, reverse-engineering patches and performing analysis via patch diffing across both source-available and binary-only targets

  • Build and maintain internal tooling for automated vulnerability discovery, exploit validation, and detection signature generation

  • Implement production-grade LLM-powered workflows that accelerate vulnerability research

  • You will be focused on looking for the vulnerabilities that matter - high-impact weaknesses that would have a material impact on our clients. We don’t care about weak SSL ciphers, we care about Remote Code Execution.

  • If your dream is to speak at conferences and present your research to the world - we will support you to make it happen!

Sounds perfect to me, what specifics are you looking for?

Ideal Experience

Ideally, you should have 2 or more equivalent real-world years of experience in vulnerability research, with:

  • Familiarity with vulnerability research methodologies, such as reproducing n-days and performing patch diffing, and you're ready to go deeper.

  • Exposure to both web and binary vulnerability classes. You don't need to be an expert in both yet, but you understand the fundamentals - you know what a deserialization bug looks like, and you're not afraid of a dropping into a debugger.

  • Prior software engineering experience, with familiarity in Python.

  • Comfort with common security tooling: Burp Suite, Ghidra/IDA, debuggers, fuzzers, and the surrounding ecosystem.

  • A genuine interest in using LLMs to accelerate security workflows, with prior experimentation and use for code review, triage, or analysis and have opinions on where they help and where they fall short.

  • Exposure to startups or high-growth scale-ups, with comfort navigating ambiguity and fast-changing priorities.

  • Proven ability to thrive under pressure and adapt to shifting priorities.

  • Proactive, collaborative, and ownership-driven mindset.

  • Passion for continuous improvement and innovation.

  • Ability to learn quickly and apply new concepts effectively.

What’s in it for me?

  • Competitive compensation - we believe that hard work, skills and ambition should be fairly compensated.

  • Meaningful role in a company - You will be a key and early contributor to a fast-growing cybersecurity business that helps protect some of the world's largest enterprises.

  • The best tools and powerful kit - we enable you with the tools to effectively fulfil your role.

  • Endless opportunities – we are in a high-growth phase of our journey, and plan to promote from within as we scale.

  • Work with cyber security experts – we are solving cutting-edge industry-wide cyber security challenges with some of the world’s most advanced organisations.

watchTowr is proud to be an Equal Opportunity Employer

At watchTowr, we’re dedicated to fostering an inclusive, respectful, and diverse environment where every individual is recognised for their talent and potential. Our hiring decisions are guided by your capabilities, experience, and what you bring to the role - not by unrelated personal attributes.

We have a zero-tolerance approach to any form of discrimination or harassment. This includes - but isn’t limited to - discrimination based on race, ethnicity, religion, colour, nationality, sex, sexual orientation, gender identity or expression, age, disability, pregnancy or parental status, veteran status, or any other characteristic protected by law.

We actively encourage people from all backgrounds to apply. Even if you don’t tick every box in the job description, we’d still love to hear from you.

Department
Labs
Role
Vulnerability Engineer
Locations
UK, Singapore
Remote status
Fully Remote
Labs · UK, Singapore · Fully Remote

Vulnerability Engineer

Loading application form

Already working at watchTowr?

Let’s recruit together and find your next colleague.

Applicant tracking system by Teamtailor