Cyber Security Engineer - Deception & Honeypot Specialist
Location: UK (fully remote - work from anywhere, including overseas)
Salary: Up to £85,000 + benefits
About the role
We're looking for a Cyber Security Engineer with deep expertise in deception technologies and honeypots to help us build and operate highly realistic, internet-facing security environments.
This is a hands-on engineering role focused on active defence, attacker engagement, and turning adversary behaviour into high-quality detection signals and threat intelligence. You'll work at scale, move quickly, and operate where real attackers live.
What you'll be doing
Design, deploy and run large-scale deception infrastructure, including high-interaction honeypots and decoy services exposed to the internet
Build believable emulations of real systems, applications and protocols that withstand fingerprinting and attacker scrutiny
Capture, enrich and analyse real attacker behaviour, from initial access through exploitation and post-exploitation
Continuously adapt deception techniques based on emerging vulnerabilities, exploitation trends and adversary tradecraft
Transform raw telemetry and logs into actionable security signals, detections and structured intelligence
Rapidly roll out new deception scenarios in response to active exploitation, N-day and zero-day events
Work closely with Detection Engineering and Threat Intelligence to productionise insights
Produce automated analysis and reporting on attacker activity, campaigns and techniques
Share findings across engineering, research, product and go-to-market teams
Contribute to original research, blogs or publications for the wider security community
Own the full deception lifecycle: build quality, deployment, data integrity and long-term signal value
What we're looking for
7+ years' experience in cyber security engineering, detection engineering, threat research, offensive security or similar hands-on roles
3+ years working with honeypots, deception platforms or large-scale internet telemetry
Strong understanding of modern attacker behaviour, including exploitation chains, tooling and post-exploitation workflows
Experience building or modifying network services, protocols or application stacks to mimic real production systems
Deep knowledge of Linux, networking and common internet protocols (HTTP/S, SSH, SMTP, FTP, databases, RPC, etc.)
Strong Python skills, including building services, emulators, instrumentation and automation
Experience deploying systems using cloud platforms, containers and infrastructure-as-code
Comfortable operating in noisy, adversarial environments where attackers actively adapt
Familiarity with log pipelines and analysis platforms such as ELK / OpenSearch
Background working in a startup or fast-moving B2B environment is a strong plus
Why join us?
Fully remote role with genuine work-from-anywhere flexibility
Work on real attacker activity, not synthetic lab data
High trust, low bureaucracy engineering culture
Opportunity to influence detection, research and product direction
Competitive salary up to £85k, plus healthcare, holidays and bonus scheme online in 2026
Apply now to take ownership of your next challenge and shape the future of offensive security. Email security@circlerecruitment.com if you don't want to upload your CV to the job board.
Circle Recruitment is acting as an Employment Agency in relation to this vacancy. Earn yourself a referral bonus if you refer somebody else who fills the role! We also offer an iPad if you refer a new client to us and we recruit for them. Follow us on Facebook - Circle Recruitment , Twitter - @Circle_Rec and LinkedIn - Circle Recruitment.
