Vulnerability Engineer – Offensive Security & Research

Vulnerability Engineer – Offensive Security & Research

Location: UK Remote

Employment Type: Permanent

About the Opportunity

A rapidly growing, venture-backed cybersecurity company at the forefront of Pre-Emptive Exposure Management is expanding its global Offensive Security and Vulnerability Research function. This is an opportunity to join an elite team focused on discovering, validating, and operationalising high-impact vulnerabilities before threat actors can exploit them.

The organisation combines advanced vulnerability research, offensive security engineering, AI-driven automation, and scalable detection tooling to secure enterprise environments worldwide.

Role Overview

As a Vulnerability Engineer, you will operate across the full offensive security lifecycle — from 0-day and n-day vulnerability research through to building automated tooling for exploit validation and detection engineering.

This hybrid research and engineering role is ideal for someone passionate about reverse engineering, patch diffing, binary analysis, Python development, and the practical application of LLMs/AI in cybersecurity workflows.

You will focus on identifying and automating the detection of critical vulnerabilities such as Remote Code Execution (RCE), privilege escalation, authentication bypasses, and other high-severity attack vectors across large-scale attack surfaces.

Key Responsibilities

• Conduct advanced vulnerability research across 0-day and n-day exposures
• Perform patch diffing, reverse engineering, and exploit analysis on source-available and binary-only targets
• Develop and maintain Python-based offensive security tooling
• Build automated workflows for exploit validation, vulnerability discovery, and detection signature generation
• Leverage AI/LLM-powered tooling to accelerate triage, code review, analysis, and research operations
• Research and validate high-impact vulnerabilities including RCE, deserialization flaws, authentication bypasses, and memory corruption issues
• Utilise industry-standard offensive tooling including Burp Suite, Ghidra, IDA Pro, debuggers, and fuzzers
• Collaborate with offensive security and engineering teams to improve detection and remediation capabilities
• Present original research findings to the global cybersecurity community at leading conferences and industry events

Required Skills & Experience

• 2+ years of hands-on experience in vulnerability research, exploit analysis, or offensive security engineering
• Strong understanding of n-day reproduction, patch diffing, and vulnerability validation
• Experience with reverse engineering, binary analysis, and debugging techniques
• Solid programming and software engineering skills with a strong focus on Python
• Practical knowledge of web and binary exploitation techniques
• Hands-on experience with tools such as Burp Suite, Ghidra, IDA Pro, fuzzers, and debuggers
• Understanding of common vulnerability classes including RCE, SSRF, deserialization, authentication bypass, and memory corruption
• Exposure to AI/LLM applications in cybersecurity, automation, or code analysis
• Ability to thrive in a fast-paced, high-growth, startup environment with strong ownership and execution mindset

Desirable Experience

• Experience developing offensive security automation platforms
• Knowledge of exploit development and detection engineering
• Familiarity with cloud, enterprise, or large-scale attack surfaces
• Contributions to the cybersecurity community through research, blogs, tooling, or conference presentations

Vulnerability Research, Offensive Security, Exploit Development, Reverse Engineering, Patch Diffing, Python, Ghidra, IDA Pro, Burp Suite, Binary Analysis, Detection Engineering, AI Security, LLM Security, Fuzzing, Red Team, Application Security, Threat Research, RCE, Security Automation, Cybersecurity Engineering