Application Security Researcher

Responsibilities:

As an Application Security Researcher, you will

• Design secure solutions to support R&D and business needs.
• Lead in-depth security assessments, architecture reviews, threat modeling of the application stack, including applications built on cloud and emerging technologies.
• Proactively research the company’s architecture & technologies to find impactful vulnerabilities & misconfigurations
• Review source code for potential security issues, recommend and implement fixes.
• Write security test cases to check for vulnerabilities or broken/missing security controls.
• Providing specific risk assessment and remediation guidelines for developers and business owners.
• Help manage and triage findings from various sources like penetration tests, security tools/scanners and bug-bounty reports..
• Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks.
• Document and disseminating security guidelines for common security issues, remediation guidance, and security baselines.
• Provide guidance for EU GDPR and CCPA compliance on the technological side - database security, inventory, and masking.
• Participate in the incident response team during crises.
• Work closely with architects, developers, DevOps & IT Engineering to provide security guidance and mentor them, as necessary.
• Actively promote improving the security culture and education within the organization.

Requirements:

• 3+ years of experience in web & mobile application security, SSDLC, Threat Modeling
• Deep understanding of web application security threats, exploits, prevention
• Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
• Experience in penetration testing, vulnerability scanning, SAST, and DAST. Familiar with tools and technologies used
• Passion for understanding and researching vulnerabilities and exploitation techniques
• Knowledge of DevSecOps methodologies, tools and technologies (e.g. CI/CD)
• Proficiency in networking concepts (firewalls, load balancers, etc)
• Keeps up with industry trends in security technology and threats
• Experience in securing infrastructure in a public cloud (e.g. AWS, Azure, Google Cloud)
• Having a background in web/mobile application development and/or code auditing - strongly preferred
• Ability to work in a self-directed environment that is highly collaborative and cross-functional
• Understanding of EU GDPR and CCPA
• Experience in managing a bug-bounty program - an advantage
• Experience in writing scripts and automated tools in at least one of the following languages - Python, Bash, Ruby and Go
• Experience in performing red team assessments – an advantage
• A computer science degree – an advantage