watchTowr

Senior Deception Engineer

watchTowr

full-time

Posted on:

Location Type: Remote

Location: United Kingdom

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

CloudLinuxPythonSMTP

About the role

  • Help design, build, and operate large-scale deception infrastructure within our hyper-realistic Attacker Eye global honeypot network, emulating real-world systems, services, and applications exposed to the internet.
  • Engineer and maintain high-interaction deception assets that capture authentic attacker behavior, exploitation workflows, and post-exploitation activity across multiple protocols and technology stacks.
  • Continuously evolve deception tactics by tracking attacker tradecraft, emerging vulnerabilities, and exploitation techniques to ensure environments remain believable and resistant to fingerprinting.
  • Instrument, enrich, and analyze deception telemetry , transforming raw log data into high-quality signals.
  • Generate automated reports from raw log data , producing structured insights on attacker behavior, exploitation trends, and campaign activity for internal and external consumption.
  • Rapidly deploy new deception scenarios in response to emerging N-day and 0-day vulnerabilities, active exploitation campaigns, and shifts in adversary behavior.
  • Collaborate closely with Detection Engineering and Threat Intelligence teams to convert deception telemetry into production detections and actionable intelligence.
  • Share insights across the organization , working with Labs, Marketing, Product, and other teams to help communicate emerging threats, research findings, and attacker trends.
  • Contribute original research and publications , documenting attacker behavior, deception methodology, and exploitation patterns for both internal stakeholders and the wider security community.
  • Own and improve the deception lifecycle , from implementation, deployment through, data quality, and long-term signal value.

Requirements

  • 7+ years in security engineering, offensive security, detection engineering, threat research, or related hands-on technical roles.
  • 3+ years working directly with honeypots, deception systems, or internet-facing security telemetry at scale.
  • Experience working in an early-stage B2B startup focusing on enterprise clients.
  • Strong understanding of attacker tradecraft , including exploitation chains, post-exploitation behavior, automation frameworks, and tooling.
  • Proven experience building or modifying network services, protocols, or application stacks to emulate real production environments.
  • Deep familiarity with Linux internals, networking, and common internet protocols (HTTP(S), SSH, SMTP, FTP, databases, RPC, etc.).
  • Strong Python proficiency , with experience writing custom services, emulators, instrumentation, and automation tooling.
  • Experience working with cloud infrastructure , containers, and infrastructure-as-code to deploy deception systems globally.
  • Comfort operating in high-noise, adversarial environments , iterating quickly as attackers adapt their behavior.
  • Familiarity with log pipelines and analysis platforms (e.g., OpenSearch / ELK) to validate deception quality and attacker engagement.
Benefits
  • Competitive compensation - we believe that hard work, skills and ambition should be fairly compensated.
  • Meaningful role in a company - You will be a key and early contributor to a fast-growing cybersecurity business that helps protect some of the world's largest enterprises.
  • The best tools and powerful kit - we enable you with the tools to effectively fulfil your role.
  • Endless opportunities – we are in a high-growth phase of our journey, and plan to promote from within as we scale.
  • Work with cyber security experts – we are solving cutting-edge industry-wide cyber security challenges with some of the world’s most advanced organisations.
  • watchTowr is proud to be an Equal Opportunity Employer At watchTowr, we’re dedicated to fostering an inclusive, respectful, and diverse environment where every individual is recognised for their talent and potential.
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
security engineeringoffensive securitydetection engineeringthreat researchhoneypotsdeception systemsPythonLinux internalsnetwork servicesautomation frameworks
Soft Skills
collaborationcommunicationresearchadaptabilityproblem-solving