Experian Group
Nottingham, Nottinghamshire
Experian's Offensive Security team charges itself with improving the organisation's security posture through clarifying risk and verifying the efficacy of our technical, people, physical and process controls from an attacker perspective. The team perform regular Adversary Simulation (Red Team) testing and a range of Ad-Hoc and Tactical Assessments based on changes to the threat landscape and organisational needs. To succeed in this role, you have breadth and depth of knowledge in security. This knowledge will include operating systems, networking and protocols, firewalls, databases, and middleware applications. Additionally, you will have expertise in forensics, scripting and programming, vulnerabilities, and the usage of GenAI / social engineering techniques. This is a fully remote, UK-based position reporting to the Head of Offensive Security. Responsibilities Collaborate with other teams within the Cyber Fusion Centre and the wider organisation. This ensures that we understand and articulate Cyber Risks in a threat-informed manner. The ultimate goal is to contribute to the successful defense of the organisation. Support Offensive Security's engagement at multiple organizational levels, from senior leaders to technical analysts to help improve risk understanding and verify the efficacy of remediation/mitigative actions. Participate in performing physical exploitation, network exploitation and social engineering assessments against authorized targets. Use CyberThreat Intelligence, Offensive Security Research, previous Adversary Simulation (Red Team) findings and internal risk intelligence to develop test cases demonstrating TTP effectiveness against Experian's control environment. Research and stay up to date with the latest cyber threats, attack vectors and attacker methodologies. Develop scripts, tools and methodologies to increase Offensive Security's capabilities and educate other team members around automation and AI. Use MITRE ATT&CK Framework and other structured attack analysis tools to describe and classify attacker methodology and significance. About Experian Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at Experience and Skills What your core background is Background in offensive security and adversary simulation. Detailed knowledge of global cyber threats and the procedures used by cyber adversaries. Network penetration testing and manipulation of network infrastructure. Web application penetration testing assessments. Email, phone, or physical social-engineering assessments. Development, extension, or modifying of exploits, shecode or exploit tools. Covert physical intrusion. Cloud security or penetration testing (any major provider). AI Red Teaming/Testing and usage of Agentic AI for automation. Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN or equivalent experience. Specialist skills Proficient in attacker tooling, including post-exploitation frameworks and tooling. Proficient in any of following programming languages (C, C++, C#, Python, PowerShell, Bash, or Ruby) Proficient in Social Engineering techniques across OSINT, phishing, vishing and impersonation. Knowledge of current cloud attack methodologies and mitigations. Experience of Windows Operating System architecture and internals and use thereof in an enterprise environment. Core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems Knowledge of IT technologies and methods to secure them i.e. databases, SharePoint, storage area networks and cloud-based storage. Benefits package includes Great compensation package and discretionary bonus plan Core benefits include pension, bupa healthcare, sharesave scheme and more 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave. Experian is proud to be an Equal Opportunity and affirmative action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. Experian Careers - Creating a better tomorrow together
Experian's Offensive Security team charges itself with improving the organisation's security posture through clarifying risk and verifying the efficacy of our technical, people, physical and process controls from an attacker perspective. The team perform regular Adversary Simulation (Red Team) testing and a range of Ad-Hoc and Tactical Assessments based on changes to the threat landscape and organisational needs. To succeed in this role, you have breadth and depth of knowledge in security. This knowledge will include operating systems, networking and protocols, firewalls, databases, and middleware applications. Additionally, you will have expertise in forensics, scripting and programming, vulnerabilities, and the usage of GenAI / social engineering techniques. This is a fully remote, UK-based position reporting to the Head of Offensive Security. Responsibilities Collaborate with other teams within the Cyber Fusion Centre and the wider organisation. This ensures that we understand and articulate Cyber Risks in a threat-informed manner. The ultimate goal is to contribute to the successful defense of the organisation. Support Offensive Security's engagement at multiple organizational levels, from senior leaders to technical analysts to help improve risk understanding and verify the efficacy of remediation/mitigative actions. Participate in performing physical exploitation, network exploitation and social engineering assessments against authorized targets. Use CyberThreat Intelligence, Offensive Security Research, previous Adversary Simulation (Red Team) findings and internal risk intelligence to develop test cases demonstrating TTP effectiveness against Experian's control environment. Research and stay up to date with the latest cyber threats, attack vectors and attacker methodologies. Develop scripts, tools and methodologies to increase Offensive Security's capabilities and educate other team members around automation and AI. Use MITRE ATT&CK Framework and other structured attack analysis tools to describe and classify attacker methodology and significance. About Experian Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at Experience and Skills What your core background is Background in offensive security and adversary simulation. Detailed knowledge of global cyber threats and the procedures used by cyber adversaries. Network penetration testing and manipulation of network infrastructure. Web application penetration testing assessments. Email, phone, or physical social-engineering assessments. Development, extension, or modifying of exploits, shecode or exploit tools. Covert physical intrusion. Cloud security or penetration testing (any major provider). AI Red Teaming/Testing and usage of Agentic AI for automation. Industry certifications such as OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN or equivalent experience. Specialist skills Proficient in attacker tooling, including post-exploitation frameworks and tooling. Proficient in any of following programming languages (C, C++, C#, Python, PowerShell, Bash, or Ruby) Proficient in Social Engineering techniques across OSINT, phishing, vishing and impersonation. Knowledge of current cloud attack methodologies and mitigations. Experience of Windows Operating System architecture and internals and use thereof in an enterprise environment. Core Information Technology concepts such as TCP/IP networking, Windows & Active Directory, Unix/Linux, Mainframe, Cloud Service Providers, Relational Databases, Data Warehouses, and filesystems Knowledge of IT technologies and methods to secure them i.e. databases, SharePoint, storage area networks and cloud-based storage. Benefits package includes Great compensation package and discretionary bonus plan Core benefits include pension, bupa healthcare, sharesave scheme and more 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave. Experian is proud to be an Equal Opportunity and affirmative action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. Experian Careers - Creating a better tomorrow together
HackerOne Inc.
HackerOne is a global leader in Continuous Threat Exposure Management (CTEM). The HackerOne Platform unites agentic AI solutions with the ingenuity of the world's largest community of security researchers to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems. Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming, and code security, HackerOne delivers measurable, continuous reduction of cyber risk for enterprises. Industry leaders, including Anthropic, General Motors, Goldman Sachs, Lufthansa, Uber, UK Ministry of Defence, and the U.S. Department of Defense, trust HackerOne to safeguard their digital ecosystems. HackerOne was recognized in Gartner's Emerging Tech Impact Radar: AI Cybersecurity Ecosystem report for its leadership in AI Security Testing and has been named a Most Loved Workplace for Young Professionals (2024). HackerOne is at a pivotal inflection point in the security industry. Offensive security is no longer optional - it is the standard for forward-thinking companies that want to build trust and resilience in a world where AI-driven innovation and adversaries are moving faster than ever. With the industry shifting, HackerOne stands apart: we combine the ingenuity of the largest security research community with a best-in-class AI-powered platform, trusted by the world's top organizations. HackerOne Values HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability. Privacy Counsel Remote Location: United Kingdom Position Summary HackerOne is seeking a Privacy Counsel to join our Privacy function to support the growing volume and complexity of global data protection, AI governance, and commercial contracting needs across the business. In this role, you will help accelerate product development, sales motions, internal procurement and cross-border data operations by providing thoughtful, practical, and globally relevant privacy support. In addition to our legal and privacy teams, you will work closely with colleagues in our Product, Security, Compliance, Engineering, and Sales to deliver clear guidance, supporting privacy assessments, and review customer and vendor agreements to help us move quickly and responsibly as we grow. This is an individual contributor role ideal for a privacy lawyer who enjoys hands on work, cross functional collaboration, and applying structured legal thinking to emerging technologies. What You Will Do Apply an AI-First approach by using AI tools responsibly to improve research quality, drafting efficiency, and privacy assessment workflows. Demonstrate Change Agility by adapting quickly to evolving global privacy and AI regulations, adjusting guidance as new risks, tools, or requirements emerge. Use First Principles Problem Solving to simplify complex privacy questions, clarify assumptions, and provide clear, structured recommendations. Leverage Data-Driven Decision Making during DPIAs, and related assessments by grounding evaluations in evidence, criteria, and regulatory expectations. Support the current Privacy function with global privacy assessments, including DPIAs, AI DPIAs, TIAs, LIAs, and other structured risk reviews. Review new and existing product features, AI capabilities, and data practices as part of privacy-by-design, identifying risks and opportunities early in development. Draft, review, and negotiate data processing agreements (DPAs), privacy terms, and commercial contracts to support global sales and procurement. Maintain and update privacy contractual documentation and internal templates and policies. Create and deliver internal training on privacy and AI governance. As part of the Privacy function, support internal and external privacy audits, coordinate with external advisors, and ensure alignment across business functions on assessment findings and remediation. Monitor evolving privacy laws, case law, AI governance frameworks, and regulatory trends, sharing key insights with stakeholders to maintain compliance and anticipate future requirements. Minimum Qualifications Qualified lawyer (UK or EU) with GDPR experience PQE 5+ years (mix of in house or private practice experience). Years matter less to us than impact. If you have relevant specialist experience, apply even if you don't quite hit the 5+ years. Strong knowledge of EU/UK GDPR and familiarity with global privacy laws (US, Middle East, Asia). Experience drafting and negotiating data processing agreements and handling privacy related issues in a global business context. Proven ability to manage data breaches, regulatory notifications and privacy audits. Excellent communication skills with the ability to simplify complex legal concepts for non legal audiences. Strong understanding of AI technologies, their ethical implications, and related legal frameworks. Excellent analytical, problem solving, and decision making skills with the ability to provide practical and strategic legal advice. Experience in using privacy management systems such as OneTrust is required. Ability to manage multiple priorities and work collaboratively across diverse teams. Comfortable working independently in a fast paced, global environment Preferred Qualifications Certified Information Privacy Professional (CIPP), Artificial Intelligence Governance Professional (AIGP) and other relevant certifications, German language proficiency. Experience in cybersecurity, offensive security, or SaaS environments. Compensation Band UK Tier: £80K - £100K • Offers Equity Job Benefits: Health (medical, vision, dental), life, and disability insurance Equity stock options Retirement plans Paid public holidays and unlimited PTO Paid maternity and parental leave Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act) Employee Assistance Program Flexible Work Stipend Eligibility may differ by country We're committed to building a global team! For certain roles outside the United States, India, the U.K., and the Netherlands, we partner with as our Employer of Record (EOR). Visa/work permit sponsorship is not available. Employment at HackerOne is contingent on a background check. HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws. This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time. For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.
HackerOne is a global leader in Continuous Threat Exposure Management (CTEM). The HackerOne Platform unites agentic AI solutions with the ingenuity of the world's largest community of security researchers to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems. Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming, and code security, HackerOne delivers measurable, continuous reduction of cyber risk for enterprises. Industry leaders, including Anthropic, General Motors, Goldman Sachs, Lufthansa, Uber, UK Ministry of Defence, and the U.S. Department of Defense, trust HackerOne to safeguard their digital ecosystems. HackerOne was recognized in Gartner's Emerging Tech Impact Radar: AI Cybersecurity Ecosystem report for its leadership in AI Security Testing and has been named a Most Loved Workplace for Young Professionals (2024). HackerOne is at a pivotal inflection point in the security industry. Offensive security is no longer optional - it is the standard for forward-thinking companies that want to build trust and resilience in a world where AI-driven innovation and adversaries are moving faster than ever. With the industry shifting, HackerOne stands apart: we combine the ingenuity of the largest security research community with a best-in-class AI-powered platform, trusted by the world's top organizations. HackerOne Values HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability. Privacy Counsel Remote Location: United Kingdom Position Summary HackerOne is seeking a Privacy Counsel to join our Privacy function to support the growing volume and complexity of global data protection, AI governance, and commercial contracting needs across the business. In this role, you will help accelerate product development, sales motions, internal procurement and cross-border data operations by providing thoughtful, practical, and globally relevant privacy support. In addition to our legal and privacy teams, you will work closely with colleagues in our Product, Security, Compliance, Engineering, and Sales to deliver clear guidance, supporting privacy assessments, and review customer and vendor agreements to help us move quickly and responsibly as we grow. This is an individual contributor role ideal for a privacy lawyer who enjoys hands on work, cross functional collaboration, and applying structured legal thinking to emerging technologies. What You Will Do Apply an AI-First approach by using AI tools responsibly to improve research quality, drafting efficiency, and privacy assessment workflows. Demonstrate Change Agility by adapting quickly to evolving global privacy and AI regulations, adjusting guidance as new risks, tools, or requirements emerge. Use First Principles Problem Solving to simplify complex privacy questions, clarify assumptions, and provide clear, structured recommendations. Leverage Data-Driven Decision Making during DPIAs, and related assessments by grounding evaluations in evidence, criteria, and regulatory expectations. Support the current Privacy function with global privacy assessments, including DPIAs, AI DPIAs, TIAs, LIAs, and other structured risk reviews. Review new and existing product features, AI capabilities, and data practices as part of privacy-by-design, identifying risks and opportunities early in development. Draft, review, and negotiate data processing agreements (DPAs), privacy terms, and commercial contracts to support global sales and procurement. Maintain and update privacy contractual documentation and internal templates and policies. Create and deliver internal training on privacy and AI governance. As part of the Privacy function, support internal and external privacy audits, coordinate with external advisors, and ensure alignment across business functions on assessment findings and remediation. Monitor evolving privacy laws, case law, AI governance frameworks, and regulatory trends, sharing key insights with stakeholders to maintain compliance and anticipate future requirements. Minimum Qualifications Qualified lawyer (UK or EU) with GDPR experience PQE 5+ years (mix of in house or private practice experience). Years matter less to us than impact. If you have relevant specialist experience, apply even if you don't quite hit the 5+ years. Strong knowledge of EU/UK GDPR and familiarity with global privacy laws (US, Middle East, Asia). Experience drafting and negotiating data processing agreements and handling privacy related issues in a global business context. Proven ability to manage data breaches, regulatory notifications and privacy audits. Excellent communication skills with the ability to simplify complex legal concepts for non legal audiences. Strong understanding of AI technologies, their ethical implications, and related legal frameworks. Excellent analytical, problem solving, and decision making skills with the ability to provide practical and strategic legal advice. Experience in using privacy management systems such as OneTrust is required. Ability to manage multiple priorities and work collaboratively across diverse teams. Comfortable working independently in a fast paced, global environment Preferred Qualifications Certified Information Privacy Professional (CIPP), Artificial Intelligence Governance Professional (AIGP) and other relevant certifications, German language proficiency. Experience in cybersecurity, offensive security, or SaaS environments. Compensation Band UK Tier: £80K - £100K • Offers Equity Job Benefits: Health (medical, vision, dental), life, and disability insurance Equity stock options Retirement plans Paid public holidays and unlimited PTO Paid maternity and parental leave Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act) Employee Assistance Program Flexible Work Stipend Eligibility may differ by country We're committed to building a global team! For certain roles outside the United States, India, the U.K., and the Netherlands, we partner with as our Employer of Record (EOR). Visa/work permit sponsorship is not available. Employment at HackerOne is contingent on a background check. HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws. This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time. For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.