Web/AI Security Researcher

About PortSwigger:
PortSwigger is a company built around a simple belief: security should empower people, not slow them down. We create world-class tooling that helps security teams and developers uncover and fix real vulnerabilities, the kind that actually matter. Our products are crafted with care, backed by deep research, and shaped by a relentless drive to make the web safer for everyone.

We’re a successful, engineering-led organisation where small squads are empowered to take forward work in a suitable way, high-leverage work. Curiosity fuels us, craftsmanship defines us, and mutual support keeps us growing together. Here, you’ll have real agency, clear direction, and the freedom to push boundaries, supported by thoughtful coaching and a culture that values learning as much as delivery.

PortSwigger Research:

PortSwigger Research exists to push the boundaries of web security by conducting original research into novel attack classes and tooling innovation. They help feed their discoveries directly into the evolution of Burp Suite, and publish them at major conferences including Black Hat USA and DEF CON. This is a group of highly curious, low-ego experts who care deeply about quality, clarity, and helping others succeed. Interested in learning more? You’ll find everything you need in the links below.

portswigger.net/research and https://www.youtube.com/playlist?list=PLoX0sUafNGbEkK0ai5P_DB2HDnljRAJyZ

What you’ll be doing:

• Conduct original, high-impact security research focused on web applications and their AI integrations
  
  
• Discover novel  attack classes affecting websites
  
  
• Build and evolve research tooling and automation, using AI where it meaningfully amplifies human expertise.
  
  
• Publish research through blogs, whitepapers, tools, and conference talks.
  
  
• Collaborate closely with other researchers and product teams to turn research insights into customer value.
  
  
• Engage with the global security community as a trusted, respected voice.
  
  

What we’re looking for:

• A proven track record of high-quality web security or AI security research.
  
  
• Deep understanding of web vulnerabilities, exploitation techniques, and defensive limitations.
• Experience developing custom tooling/scans to enhance your web security workflow, including experimental AI features.
  
  
• Hands-on experience attacking real-world AI/LLM systems.
  
  
• Strong practical skills with Burp Suite
  
  
• Clear, generous communicator who enjoys sharing knowledge.
  
  
• Low ego, high integrity, and a collaborative mindset aligned with PortSwigger’s culture of high performance and high support.

At PortSwigger, we believe people should be paid what they’re truly worth — not just what we could get away with or what the market dictates. That’s why we pay generously above normal market levels, based on each person’s individual skills and contribution.

Our approach works: 95% of Swiggers say they’re mostly or completely satisfied with their pay and benefits.

Alongside a strong base salary, we offer share options and a comprehensive benefits package designed to support both your work and life.

Want to know more? Explore our reward philosophy.