How to Apply to Darktrace PLC

Key Takeaways

The canonical careers portal is darktrace.wd3.myworkdayjobs.com (the DarktaceExternal Workday tenant), fronted at darktrace.com/company/careers. External registry references to a Greenhouse board are out of date or never reflected production reality; the live apply experience is Workday.
Darktrace plc is a Cambridge UK-headquartered cybersecurity company of roughly 2,500 employees, founded in 2013 by Cambridge mathematicians and ex-MI5/GCHQ personnel with early backing from Mike Lynch's Invoke Capital, built around unsupervised machine learning with the flagship Enterprise Immune System now re-architected as the Darktrace ActiveAI Security Platform spanning Detect, Respond (Antigena), Heal, Prevent, and Cyber AI Analyst across network, email, cloud, OT/IoT, identity, and endpoint surfaces.
The company was taken private by Thoma Bravo for $5.32 billion at 620p per share in October 2024, completing a four-year run on the London Stock Exchange that had included a 2021 IPO, significant share-price volatility, the 2023 Quintessential Capital Management short-report episode (which Darktrace strongly rejected and which an independent EY review found no material misstatement against), and periodic bid speculation. The shares were delisted from the LSE in October 2024.
Founding CEO Poppy Gustafsson stepped down shortly after completion of the take-private in 2024 and was succeeded by Jill Popelka, an experienced enterprise software executive previously at SAP SuccessFactors. The company carried out a round of layoffs in late 2024 as part of a standard PE-era operational reset, alongside continued investment in product, engineering, and US-focused go-to-market.
Apply at darktrace.wd3.myworkdayjobs.com using the Workday filters by country, office, and Job Category. Create a single Workday candidate account in the Darktrace tenant and reuse it across applications. Upload a parser-friendly PDF CV, review the auto-populated form fields, and complete the structured fields including salary expectation and right-to-work status.
Interviews are structured: Talent Acquisition screen, hiring-manager deep dive, technical or role-specific exercise (take-home coding for engineering, applied ML modelling for research, demo simulation for solutions engineering, role play for sales, structured analytical exercise for threat research), peer and skip-level panel, and final senior leadership conversation. Timelines run four to eight weeks for individual contributor roles, longer for principal and senior leadership positions.
English is the working language across the company. Local language fluency is highly valued in regional sales and customer-success teams (German for DACH, French for France and parts of EMEA, Japanese for Tokyo, Spanish and Portuguese for LATAM, Mandarin for Singapore-routed Greater China, Arabic for the Dubai-based MEA team). State language levels honestly with CEFR ratings.
The Cambridge headquarters at the Maurice Wilkes Building on the West Cambridge campus remains the centre of gravity for engineering, threat research, and Group functions, with London hosting commercial leadership and finance, New York and Atlanta as the US dual hub, and offices in Paris, Munich, Tokyo, Sydney, Mumbai, Singapore, Toronto, and a network of regional offices supporting a globally distributed sales motion. Hybrid attendance expectations are role and team specific.
The competitive landscape is crowded and well-funded: CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Vectra AI, ExtraHop, Corelight, Arista NDR for endpoint and network detection; Proofpoint, Abnormal Security, Mimecast for email; the converging Microsoft Defender suite for E5-aligned shops. Candidates who engage the competitive landscape honestly (where Darktrace wins, where it loses, where the market is going) earn credibility across panels.
Following the Thoma Bravo take-private the operating model is recognisably PE-era: clearer financial discipline, sharper resource allocation, faster integration, and the standard emphasis on Rule of 40, ARR growth, gross and net retention, and operational efficiency. Candidates who have operated successfully inside a PE-style cadence integrate quickly; candidates expecting an LSE-era growth-at-all-costs operating model will need to recalibrate.

About Darktrace PLC

Darktrace plc is a Cambridge UK-headquartered cybersecurity company built around unsupervised machine learning that detects, investigates, and responds to cyber threats by learning the unique pattern of life of every device, user, and connection inside an enterprise network rather than relying on signatures of previously known attacks. Founded in 2013 in Cambridge by a small group of mathematicians and former intelligence professionals — most notably mathematicians from the University of Cambridge in collaboration with ex-MI5 and GCHQ personnel, with early backing from Mike Lynch's Invoke Capital — the company grew rapidly through the 2010s on the strength of its flagship Enterprise Immune System platform, which positioned itself as a categorically different approach to security: instead of writing rules for known bad behaviour, Darktrace built unsupervised models that learn what is normal and surface what is anomalous, with the original brand metaphor borrowed deliberately from the human immune system. That platform has since been re-architected and rebranded as the Darktrace ActiveAI Security Platform, organised around five product families: Detect, Respond (the Antigena autonomous response capability), Heal, Prevent, and Cyber AI Analyst, covering network, email, cloud, OT/IoT, identity, and endpoint surfaces. The company employs roughly 2,500 people globally, headquartered in Cambridge with offices in London, New York City, Atlanta, Paris, Tokyo, Sydney, Mumbai, Munich, Singapore, Toronto, and a long list of regional sales hubs, making it one of the largest standalone European cybersecurity vendors and one of a small number of UK-grown enterprise software companies of meaningful international scale. The corporate history is genuinely eventful and any candid candidate guide has to deal with that history honestly. Darktrace listed on the London Stock Exchange in April 2021 under the ticker DARK at an initial price of 250p, valuing the business at roughly £1.7 billion. The IPO was unusually closely watched both because Darktrace was one of the largest UK technology IPOs in the post-Brexit period and because of the long shadow of the Mike Lynch and Sushovan Hussain Autonomy fraud trial in the United States — Mike Lynch had been a founding investor and chair of Darktrace through Invoke Capital, and Sushovan Hussain had also been a director, and the Autonomy litigation overhang weighed on the IPO valuation and on subsequent share-price volatility. The shares performed well in the first year and reached a high above 900p in 2021 before reversing sharply through 2022. In January 2023 the short seller Quintessential Capital Management (QCM) published a critical short report alleging concerns about the company's accounting and sales practices; Darktrace strongly rejected the allegations and commissioned an independent review by EY, which was published in mid-2023 and found no evidence of material misstatement. Despite the EY review the share price remained volatile through 2023 and into 2024, with bid speculation surfacing periodically. In April 2024 Darktrace announced a recommended cash offer from Thoma Bravo, the US technology-focused private equity firm, at 620p per share, valuing the business at approximately $5.32 billion. The deal completed and Darktrace was delisted from the LSE in October 2024, becoming a wholly owned Thoma Bravo portfolio company. CEO Poppy Gustafsson, who had led the business since 2016 and through the IPO, stepped down shortly after completion of the take-private; she was succeeded as CEO by Jill Popelka, an experienced enterprise software executive previously at SAP SuccessFactors. Following the take-private the company carried out a round of layoffs in late 2024 as part of the standard PE-era operational reset, alongside continued investment in product, engineering, and go-to-market in the priority growth markets — particularly the United States. Commercially, Darktrace operates in a crowded and well-funded enterprise security market against several distinct competitor sets: endpoint and XDR vendors (CrowdStrike, SentinelOne, Microsoft Defender for Endpoint), network detection and response (Vectra AI, ExtraHop, Corelight, Arista NDR), email security (Proofpoint, Abnormal Security, Mimecast), and the converging Microsoft Defender suite which bundles E5 customers into Microsoft's security stack. The Darktrace pitch — that an unsupervised, self-learning model layered across multiple surfaces produces detections that signature-based and supervised approaches miss, and that Cyber AI Analyst can triage and contextualise those detections at machine speed — resonates strongly with security teams that value autonomous response and with mid-market customers who lack the SOC headcount to chase alerts. The pitch is challenged by buyers who want best-of-breed point products, by Microsoft-aligned shops, and by skeptics of the AI-marketing framing. Candidates should expect both kinds of customers in any commercial conversation. The Cambridge headquarters in Maurice Wilkes Building on the West Cambridge campus remains the centre of gravity for engineering, threat research, the Cyber AI Research Centre, and Group functions, with London (the City) hosting commercial leadership and finance, New York and Atlanta as the US dual hub, and Paris, Munich, Tokyo, Sydney, Mumbai, Singapore, Toronto, and a network of regional offices supporting a globally distributed sales and customer-success motion. English is the working language across the company. The culture is recognisably British-rooted technical with a strong Cambridge maths and physics flavour in research and product, layered on top of a globally distributed and very metrics-driven sales organisation that scaled hard through the late 2010s and into the IPO. Going forward, candidates should calibrate for a private-equity operating cadence: clearer financial discipline, sharper resource allocation, more focused product investment, faster integration of acquisitions, and the standard Thoma Bravo emphasis on Rule of 40, ARR growth, gross retention, and operational efficiency.

ATS System: Workday (darktrace.wd3.myworkdayjobs.com / DarktaceExternal site), fronted at darktrace.com/company/careers

Darktrace plc's authoritative applicant tracking system is Workday, hosted at darktrace.wd3.myworkdayjobs.com with the candidate-facing site name DarktaceExternal (note the spelling, which is a long-standing tenant configuration quirk). The careers experience is fronted at darktrace.com/company/careers, which links into the Workday job listing and apply flow. Workday handles the requisition catalogue, the application form, the candidate profile, the document parser, the equal-opportunity questions, the structured workflow stages, and the offer process; downstream onboarding integrates with Workday HCM as the underlying HR system of record across many Darktrace entities. Some external recruitment databases and registry sources have historically referenced a Greenhouse board for Darktrace at boards.greenhouse.io/darktrace; that reference is out of date or never reflected production reality — the live, candidate-facing apply experience runs through Workday at darktrace.wd3.myworkdayjobs.com, and the Greenhouse URL returns no jobs through the Greenhouse public API. Aggregator listings on LinkedIn Jobs, Indeed, Glassdoor, Otta/Welcome to the Jungle, and cybersecurity-specific job boards carry Darktrace postings in many markets, but the apply link routes to the same Workday portal. Treat the Workday URL as the source of truth and ignore aggregator-hosted apply forms that try to short-circuit the journey.

Bookmark darktrace.wd3.myworkdayjobs.com/DarktaceExternal as the canonical apply URL. Aggregators are real but always link back to the Workday flow; submit there, not on the aggregator.
Create one Workday candidate account in the Darktrace tenant and reuse it across applications. The profile persists upload history and structured fields, which materially speeds up subsequent applications.
Ignore external registry references to a Greenhouse board for Darktrace; that path returns no jobs and is not the production apply experience.
Upload a parser-friendly PDF CV (single column, standard fonts, no images of text, no decorative skill bars) and review the auto-populated form fields after upload. The Workday parser is decent but not perfect on dates and employer formatting.
Tailor the cover letter to the named team and product family. A Detect-focused cover letter that talks generically about cybersecurity reads weaker than one that names the specific product surface and the customer outcome.
Name a salary expectation honestly: base only or base plus OTE for sales, with the local currency. Leaving it blank is a small negative in UK and US hiring norms.
Use the location, country, and Job Category filters before browsing. The catalogue spans 80 to 100 plus open requisitions across roughly 14 countries at any given time.
Watch your spam folder for follow-up communications from Workday and from the Darktrace Talent Acquisition team. Whitelist myworkdayjobs.com and darktrace.com.
Use the My Applications dashboard inside Workday to track status. Status updates are slower than candidates expect; two to four weeks for individual contributor roles is normal, longer for senior leadership and principal-level technical roles.
If you are pursuing the Cambridge Graduate Programme or an Intern Programme, apply early in the autumn cycle and use the early-career filters in Workday when they appear.

Interview Culture

Darktrace interviews are structured, technical where appropriate, and meaningfully different across the engineering, research, commercial, and operational tracks.

For Cambridge headquarters engineering, threat research, and Cyber AI Research Centre roles the typical pattern is a Talent Acquisition screen by phone or video (30 to 45 minutes) covering motivation, location and visa, salary expectations, and a high-level walk through the CV; a hiring-manager interview running 60 to 90 minutes that goes deep on a recent project; a technical assessment (a take-home coding exercise in Python, Go, C++, or TypeScript depending on the team, or an applied ML modelling exercise for research and data science roles); a panel round including a peer engineer or researcher and a skip-level engineering or research leader, with system design discussion for senior and principal candidates; and for senior or principal roles a final conversation with a member of the Engineering or Research leadership team. End-to-end timelines run four to eight weeks for individual contributor roles and longer for senior leadership and principal positions where the panel takes longer to assemble. For commercial roles (Account Executive, Sales Development Representative, Solutions Engineering, Customer Success, Channel/Partner) the typical pattern is a Talent Acquisition screen, a hiring-manager interview deep-diving on territory, quota history, and customer narratives; a structured exercise (a customer demo simulation for Solutions Engineers, a discovery-call role play or a written account plan for Account Executives, a customer-meeting role play for Customer Success Managers, a SDR pitch and outbound exercise for SDR candidates); a panel round including peers and a skip-level commercial leader; and for senior and leadership roles a final conversation with a regional Vice President or with a member of the Chief Revenue Officer's leadership team. Compensation conversations are handled by Talent Acquisition late in the process and OTE structures are clearly defined upfront for sales roles. Threat research interviews deserve a specific note: candidates should expect a structured analytical exercise involving real or sanitised network or telemetry data, log analysis, and a written threat narrative or detection rule, plus a discussion of recent incident families (BEC, ransomware, living-off-the-land, supply chain, OAuth abuse, OT/ICS targeting) and how the candidate would think about detection coverage versus false-positive cost. The bar for clear written communication and for honest self-assessment of trade-offs is high. Bring concrete examples of detections you have built, incidents you have responded to, and analytical frameworks you have used; vague generalisations about 'AI for security' read poorly in a research interview. For operational, finance, legal, HR, and corporate roles the pattern resembles standard enterprise software hiring: Talent Acquisition screen, hiring-manager interview, peer and skip-level panel, function-specific exercise where appropriate (a financial modelling exercise, a contract-redline exercise, a people-case study), and a final senior leadership conversation. Following the Thoma Bravo take-private, expect operational and finance roles in particular to probe explicitly for evidence of having operated inside a PE-style operating model, with familiarity with Rule of 40, ARR growth, gross and net retention, expansion mechanics, and cost-discipline trade-offs. Compensation structures vary by role, geography, and seniority. Engineering and research base salaries are competitive within UK and US markets, with London and US salaries materially higher than Cambridge salaries for equivalent levels (though Cambridge cost-of-living differences partially offset). Sales roles are structured with a base plus on-target variable in the standard enterprise software pattern, with accelerators above quota and SPIFs running for specific product families and competitive-displacement plays. Stock-based equity compensation has reset following the take-private — the LSE-listed share-based long-term incentive plan no longer applies — and the new equity vehicle reflects the standard PE-portfolio model with a management-equity programme for relevant levels. Benefits across UK and US markets are competitive (private medical, pension or 401k matching, life insurance, parental leave, learning and development budget, sports and wellness benefits, generous annual leave). Background checks are proportionate by role and geography: standard right-to-work and reference checks for most professional roles, more thorough for finance, legal, security-cleared, and senior leadership positions. Verbal offers are followed by a written contract within one to two weeks; counter-signed contracts typically land within four weeks of the verbal offer for individual contributor roles.

What Darktrace PLC Looks For

Genuine intellectual interest in the security problem and in the unsupervised-learning approach. Candidates who can speak credibly to why an unsupervised, self-learning model layered across multiple surfaces produces detections that signature-based and supervised approaches miss, and who can engage honestly with the trade-offs (false positive rate, model drift, alert fatigue, explainability) read as ready to contribute. Generic 'I'm interested in AI' framing reads weakly; specific 'I have thought about how to detect novel beaconing patterns without prior signatures' framing reads strongly.
Operational rigour with real numbers. Whether you are an engineer, a researcher, a salesperson, or a customer success manager, Darktrace hires for evidence-based thinking. Bring real numbers (deployment frequency, p99 latency, ACV, retention, model lift in production, MTTR improvement) rather than adjective-heavy storytelling. The Cambridge intellectual culture is allergic to vague claims that do not survive scrutiny.
Comfort with a privately-held, PE-owned operating cadence. Following the October 2024 Thoma Bravo take-private, the operating model is recognisably PE-era: clearer financial discipline, sharper resource allocation, faster integration of any acquisitions, and the standard Thoma Bravo emphasis on Rule of 40, ARR growth, gross retention, and operational efficiency. Candidates who have shipped and contributed inside a similar cadence (other Thoma Bravo or PE-owned software portfolio companies, or financially disciplined growth-stage businesses) integrate quickly.
Domain literacy in cybersecurity. Candidates with credible exposure to MITRE ATT&CK, the cyber kill chain, common detection engineering frameworks, threat intelligence sources, network protocols, email authentication, cloud control planes, identity protocols, endpoint telemetry, and the language of incident response (TTPs, IoCs, dwell time, MTTR) integrate faster than candidates who treat security as backdrop to an AI conversation.
Quality of written and verbal communication. Cambridge culture and the broader Darktrace research and engineering culture place high value on clear written communication: design documents, RFCs, threat narratives, post-mortems, and customer-facing technical narratives. Candidates whose interview answers are structured, specific, and honest about uncertainty read as stronger than candidates who optimise for confident-sounding generalities. Take-home assessments are evaluated as much for written explanation and trade-off framing as for the underlying solution.
Multi-product, multi-surface thinking. The ActiveAI Security Platform spans network, email, cloud, OT/IoT, identity, and endpoint surfaces, with cross-surface intelligence as a key part of the value proposition. Candidates who can reason across surfaces (how a phishing email leads to credential abuse, which leads to lateral movement, which lands as ransomware on an endpoint and exfiltration via a cloud bucket) read as commercially and technically sophisticated. Single-surface specialists are valuable too; the cross-surface thinking is a differentiator.
Calm, professional engagement with the company's recent history. The 2021 LSE IPO, the 2023 QCM short-report episode (and the EY independent review that followed), the periodic share-price volatility, the 2024 Thoma Bravo take-private at $5.32B, the LSE delisting, the CEO transition from Poppy Gustafsson to Jill Popelka, and the late-2024 layoffs are all real facts. Candidates who engage these topics calmly and factually (without conspiracy-tinged framing about short-sellers and without minimising the real volatility) read as professionally mature. Volunteering these topics unprompted reads as overconfidence; answering competency questions with calm specifics reads as readiness.
Customer-centric framing. Darktrace's commercial success has historically come from customers who buy because the product produces real detections that real attackers care about, not because of a marketing narrative. Candidates whose interview answers consistently centre customer outcomes (a real incident the product caught, a real false-positive class the product needed to eliminate, a real renewal narrative driven by demonstrated value) read materially better than candidates who centre the product or themselves.
Realistic engagement with the competitive landscape. Darktrace competes against named, well-funded competitors (CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Vectra AI, ExtraHop, Corelight, Arista NDR, Proofpoint, Abnormal Security, Mimecast). Candidates who can speak honestly about where Darktrace wins, where it loses, and where the market is going (Microsoft consolidation pressure, AI-marketing fatigue, autonomous-response value, mid-market SOC constraints) earn credibility across both technical and commercial panels.
Cultural fit with a Cambridge-rooted technical company that has scaled internationally. The company carries a recognisable British-rooted technical and intellectual culture, with a strong Cambridge maths and physics flavour in research and product, layered on top of a globally distributed and very metrics-driven sales organisation. Candidates who appreciate that combination — quiet technical depth at the centre, energetic commercial execution at the edges — and who can move comfortably across both sides of the company integrate well.

Frequently Asked Questions

What ATS does Darktrace actually use and where do I apply?

Darktrace plc uses Workday as its applicant tracking system, hosted at darktrace.wd3.myworkdayjobs.com with the candidate-facing site name DarktaceExternal (note the spelling, which is a long-standing tenant configuration quirk). The careers experience is fronted at darktrace.com/company/careers, which links into the Workday job listing and apply flow. Workday handles the requisition catalogue, the application form, the candidate profile, the document parser, the equal-opportunity questions, the workflow stages, and the offer process; downstream onboarding integrates with Workday HCM. Some external recruitment databases and registry sources have historically referenced a Greenhouse board for Darktrace at boards.greenhouse.io/darktrace; that reference is out of date or never reflected production reality, and the Greenhouse public API returns no jobs for that slug. Aggregator listings on LinkedIn Jobs, Indeed, Glassdoor, and cybersecurity-specific job boards carry Darktrace postings in many markets but always link back to the same Workday portal. Treat darktrace.wd3.myworkdayjobs.com/DarktaceExternal as the canonical apply URL.

Do I need to be in Cambridge to work for Darktrace?

No, but Cambridge remains the centre of gravity for engineering, threat research, the Cyber AI Research Centre, and Group functions. Many requisitions for these teams expect a hybrid pattern with three to five days a week on site at the Maurice Wilkes Building on the West Cambridge campus. London hosts commercial leadership and finance. The US is a dual-hub model centred on New York and Atlanta with field offices in Arlington, Charlotte, Miami, Dallas, Phoenix, and a number of remote-by-state field positions. Internationally, Paris, Munich, Tokyo, Sydney, Mumbai, Singapore, Toronto, and a network of regional offices support a globally distributed sales motion. Each Workday requisition names the office and the attendance expectation; read it carefully and address relocation realistically in the cover letter or in the Talent Acquisition screen if you are not local.

What is pay like and is it competitive?

Darktrace compensation is competitive within UK and US enterprise software markets, with London and US salaries materially higher than Cambridge salaries for equivalent levels (though Cambridge cost-of-living differences partially offset). Engineering and research base salaries are competitive within their respective markets; sales roles are structured with a base plus on-target variable in the standard enterprise software pattern, with accelerators above quota and SPIFs running for specific product families and competitive-displacement plays. Stock-based equity compensation has reset following the October 2024 Thoma Bravo take-private — the LSE-listed share-based long-term incentive plan no longer applies — and the new equity vehicle reflects the standard PE-portfolio model with a management-equity programme for relevant levels. Benefits across UK and US markets are competitive (private medical, pension or 401k matching, life insurance, parental leave, learning and development budget, sports and wellness benefits, generous annual leave). Always name a salary expectation in your application; for sales roles, name base and OTE separately.

What happened with the Thoma Bravo take-private and what does it mean for employees?

In April 2024 Darktrace announced a recommended cash offer from Thoma Bravo at 620p per share, valuing the business at approximately $5.32 billion. The deal completed and Darktrace was delisted from the London Stock Exchange in October 2024, becoming a wholly owned Thoma Bravo portfolio company. For employees the practical implications are recognisable PE-era operating discipline: clearer financial targets, sharper resource allocation, more focused product investment, faster integration of any acquisitions, and the standard Thoma Bravo emphasis on Rule of 40, ARR growth, gross and net retention, expansion, and operational efficiency. The LSE-listed share-based long-term incentive plan no longer applies; the new equity vehicle reflects the standard PE-portfolio model with a management-equity programme for relevant levels. Following the take-private, founding CEO Poppy Gustafsson stepped down and was succeeded by Jill Popelka, previously at SAP SuccessFactors, and the company carried out a round of layoffs in late 2024 as part of the operational reset. Candidates joining now should expect a privately-held, PE-owned operating cadence rather than the LSE-listed growth-at-all-costs model.

What was the Quintessential Capital short report and how should I think about it?

In January 2023 the short seller Quintessential Capital Management (QCM) published a critical short report alleging concerns about Darktrace's accounting and sales practices. Darktrace strongly rejected the allegations and commissioned an independent review by EY, which was published in mid-2023 and found no evidence of material misstatement. The episode contributed to share-price volatility through 2023 and was part of the broader pressure on the LSE-listed business that ultimately preceded the Thoma Bravo bid in 2024. For candidates, the topic will sometimes come up in interview, particularly for finance, legal, audit, internal controls, RevOps, and senior leadership roles. The right framing is calm and factual: the allegations were serious, Darktrace contested them robustly, the independent EY review found no material misstatement, the share price recovered through the bid premium, and the company is now operating as a Thoma Bravo portfolio company under a new CEO with a refreshed operating cadence. Do not foreground or volunteer the topic in your CV or cover letter; treat it as professional context that you can discuss with calm specifics if asked.

Is Darktrace a good place to work for someone interested in AI and ML research?

Yes, with realistic expectations. The Cyber AI Research Centre and the broader research and detection-engineering organisation work on genuinely interesting applied ML problems: unsupervised anomaly detection on streaming data at enterprise scale, multi-surface correlation across network, email, cloud, identity, and endpoint telemetry, autonomous response decisioning under uncertainty, explainability for security analysts, model drift in adversarial environments, and the application of large language models to triage and narrative generation in the Cyber AI Analyst product. The work is applied rather than primarily academic — production constraints, latency budgets, false-positive cost, and customer-explainability requirements shape the problem space — but the intellectual depth is real and the Cambridge research culture is genuine. Candidates with strong applied ML backgrounds (Cambridge, Oxford, Imperial, UCL, ETH, EPFL, MIT, Stanford, CMU, Berkeley and similar) and with an interest in security as a domain rather than a generic AI playground integrate well. The company publishes research, files patents, and contributes to the broader security and ML communities.

Does Darktrace hire graduates and interns?

Yes. Darktrace runs a structured Graduate Programme covering analyst, engineering, and threat-research tracks based primarily out of Cambridge, with historical recruiting strength at Cambridge, Oxford, Imperial, UCL, Warwick, Edinburgh, the broader Russell Group, and selected European technical universities (ETH Zurich, EPFL, TU Munich, Paris Sciences et Lettres). There is also an established Intern Programme that runs in summer windows and feeds the graduate pipeline. For US early-career hiring the Sales Development Representative pipeline based out of Atlanta and other US hubs is the most common entry point into the commercial organisation. Apply through the same Workday portal at darktrace.wd3.myworkdayjobs.com using the early-career filters when they appear; postings cluster in the autumn for graduate roles starting the following summer and in the winter for summer internships. Career fairs at the named universities and at the Darktrace Cambridge office are the right physical touchpoints.

What is the interview process and how long does it take?

For Cambridge headquarters engineering, threat research, and Cyber AI Research Centre roles, plan on a Talent Acquisition screen by phone or video (30 to 45 minutes), a hiring-manager interview running 60 to 90 minutes, a technical assessment (a take-home coding exercise in Python, Go, C++, or TypeScript depending on the team, or an applied ML modelling exercise), a panel round including a peer engineer or researcher and a skip-level engineering or research leader (with system design discussion at senior levels), and for senior or principal roles a final conversation with a member of the Engineering or Research leadership team. For commercial roles plan on a Talent Acquisition screen, a hiring-manager deep dive on territory and quota history, a structured exercise (demo simulation for Solutions Engineers, discovery role play or written account plan for Account Executives, customer-meeting role play for Customer Success), a peer and skip-level panel, and a final regional Vice President conversation. End-to-end timelines run four to eight weeks for individual contributor roles and longer for senior leadership and principal positions where the panel takes longer to assemble. Verbal offers are followed by a written contract within one to two weeks; counter-signed contracts typically land within four weeks of the verbal offer for individual contributor roles.

Does Darktrace sponsor visas?

Yes, on a role-by-role basis. Darktrace sponsors UK Skilled Worker visas and US H-1B (and where eligible O-1) visas for specific roles, particularly senior engineering, research, and field positions, and supports relocation to its named offices on a case-by-case basis. State your work-authorisation status in the cover letter or in the Workday application form (UK or EU citizen, settled or pre-settled status, current Skilled Worker visa with end date, US citizen or green-card holder, current H-1B with transfer eligibility, etc.) and your language level honestly. Surprises late in the process are the most common reason an otherwise strong candidate stalls. For US federal-adjacent customer pipelines (the Public Sector and US Federal commercial team works with US government and government-adjacent customers), citizenship or specific clearance status may be a hard requirement on a small subset of postings; check the requisition body carefully.

How does Darktrace compete against CrowdStrike, Microsoft Defender, and the rest of the security market?

Darktrace competes in a crowded and well-funded enterprise security market against several distinct competitor sets: endpoint and XDR vendors (CrowdStrike, SentinelOne, Microsoft Defender for Endpoint), network detection and response (Vectra AI, ExtraHop, Corelight, Arista NDR), email security (Proofpoint, Abnormal Security, Mimecast), and the converging Microsoft Defender suite which bundles E5 customers into Microsoft's security stack. The Darktrace pitch — that an unsupervised, self-learning model layered across multiple surfaces produces detections that signature-based and supervised approaches miss, and that Cyber AI Analyst can triage and contextualise those detections at machine speed — resonates strongly with security teams that value autonomous response and with mid-market customers who lack the SOC headcount to chase alerts. The pitch is challenged by buyers who want best-of-breed point products from category leaders, by Microsoft-aligned shops that get Defender bundled in their E5 licence, and by skeptics of the AI-marketing framing in security. For commercial candidates, being able to articulate honestly where Darktrace wins (autonomous response, multi-surface coverage, mid-market SOC value, novel-detection narrative), where it loses (point-product best-of-breed shops, Microsoft-aligned shops, short-cycle compliance buys), and where the market is going (consolidation pressure, agentic AI adoption, identity-centric attacks) is a credibility marker.

What is the culture like and how should I think about the recent layoffs?

The culture is recognisably British-rooted technical with a strong Cambridge maths and physics flavour in research and product, layered on top of a globally distributed and very metrics-driven sales organisation that scaled hard through the late 2010s and into the IPO. Quiet technical depth at the centre, energetic commercial execution at the edges. Working language is English across the company. Regarding the late-2024 layoffs: following the Thoma Bravo take-private in October 2024 the company carried out a round of layoffs as part of a standard PE-era operational reset, alongside continued investment in product, engineering, and US-focused go-to-market. Layoffs at the start of a PE ownership cycle are a typical pattern and should be read as a one-time operational reset rather than as a signal of ongoing instability; the company has continued to hire actively across engineering, research, US sales, customer success, and operations. For candidates joining now the practical implication is that targets are sharper, headcount is tighter, and the bar for new investment is higher than in the LSE-listed period; show that you can ship and contribute in that environment.

What is the Darktrace ActiveAI Security Platform and how is it different from the original Enterprise Immune System?

The Darktrace ActiveAI Security Platform is the current-generation re-architecture and rebrand of the original Enterprise Immune System that the company built its early reputation on. The platform is organised into five product families — Detect, Respond (the Antigena autonomous response capability), Heal, Prevent, and Cyber AI Analyst — covering network, email, cloud, OT/IoT, identity, and endpoint surfaces. The underlying philosophy is unchanged from the original Enterprise Immune System: an unsupervised, self-learning model learns the unique pattern of life of every device, user, and connection in an enterprise environment, surfaces anomalies that deviate from that learned baseline, and (with the Antigena Respond capability) takes autonomous action to contain confirmed threats at machine speed without waiting for human approval. The re-architecture has expanded surface coverage, added the Cyber AI Analyst layer for triage and narrative generation, integrated the Heal and Prevent product families, and refreshed the brand and packaging to reflect a multi-product platform story rather than a single-product NDR pitch. For candidates, understanding which surface and which product family the role you are applying for sits in is the right way to show you have read past the marketing headline.

Open Positions

Darktrace PLC currently has 2 open positions.

Check Your Resume Before Applying → View 2 open positions at Darktrace PLC

Related Resources

Sources

Darktrace Careers Portal — Darktrace plc
Darktrace Workday Candidate Portal (DarktaceExternal) — Darktrace plc / Workday
Recommended Cash Offer for Darktrace plc by Thoma Bravo (Rule 2.7 Announcement, April 2024) — Thoma Bravo / Darktrace plc
Darktrace Scheme of Arrangement Becomes Effective; LSE Delisting (October 2024) — Darktrace plc
Darktrace Annual Report and Accounts (final LSE-listed period, year ended 30 June 2024) — Darktrace plc
Darktrace Statement on QCM Short Report and Independent EY Review (2023) — Darktrace plc
Darktrace IPO Prospectus (London Stock Exchange, April 2021) — London Stock Exchange / Darktrace plc
Darktrace ActiveAI Security Platform Product Page — Darktrace plc
Cyber AI Research Centre at Darktrace, Cambridge — Darktrace plc
Jill Popelka Appointed CEO of Darktrace (2024) — Darktrace plc