Senior Offensive Security Researcher

Our mission is to make application security and software assurance a reality, at scale. We’re a dedicated team that leverages each other’s strengths to produce cutting-edge solutions to difficult problems. Join us to grow your career and create the future of software assurance at scale.

Work You’ll Do

As a member of our team, you will be responsible for planning and delivering in-depth security assessments across a variety of products and services. Your next project could be anything from static and dynamic analysis of a multi-node infrastructure, to writing a fuzzer for an undocumented network protocol or the grammar of a new programming language. Other responsibilities include:

• Scope and execute in-depth security assessments and vulnerability research across a broad range of on-premise software, cloud services, and infrastructure.
• Perform in-depth security assessments using results from static and dynamic analysis.
• Create testing tools to help teams identify security-related weaknesses.
• Collaborate with teams to help them triage and fix security issues.

What You’ll Bring

• Bachelor’s or Master’s degree in Computer Science or related field (e.g. Electrical Engineering).
• 2+ years industry experience in one or more of the following areas: software/product security assessments, penetration testing, red teaming, web application assessments.
• Aptitude for self-study, setting and achieving long-term goals (for example, learning an unfamiliar programming language).
• Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff.
• Excellent organizational, presentation, verbal, and written communication skills.
• This role does not require access to a cleared work environment. Security clearances are not required, and active clearances cannot be sponsored.

Nice to Have

• Proficiency with multiple programming languages, preferably Go, Java, Python, or C/C++.
• 5+ years industry experience in software development.
• Ability to perform manual source code reviews in one of the aforementioned languages, or assisted review with code analysis tools.
• Hands-on experience in one or more of the following with an interest in doing full-time research: cybersecurity consulting, security engineering, vulnerability management, risk assessments, bug bounty hunting, malware analysis, forensics.
• OSCP, OSWE certification, or interest in achieving certification.
• Experience navigating and working with extremely large codebases is also highly desirable.
• Experience using common security assessment tools and techniques in one or more of the following categories: Mobile Application Assessment (iOS / Android), Reverse Engineering (e.g. IDA Pro/Ghidra/Radare2), Fuzzing (e.g. Jazzer/AFL/Peach), Web Application assessment (e.g. Burp Suite Proxy, ZAP, REST API testing).
• Proficiency in manual penetration testing in at least TWO or more of the following areas - Mobile, API, Infrastructure, OS, Web Application.
• Knowledge of common vulnerabilities in different types of software and programming languages, including: how to test for/exploit them, real-world mitigations that can be applied.
• Familiarity with vulnerability classification frameworks (e.g. OWASP Top 10, CVSS, MITRE CVE).
• Ability to threat model systems/applications/platforms to assess design and find flaws that can be exploited.

What We’ll Give You

• A team of very skilled and diverse personnel across the globe.
• Ability to work in a hybrid work environment.
• Exposure to mind-blowing large-scale cutting-edge systems.
• The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day.
• Develop new skills and competencies working with our vast cloud product offerings.
• Ongoing extensive training and skills development support to further your career aspirations.
• Incredible benefits and company perks.
• An organization filled with smart, enthusiastic, and motivated colleagues.
• The opportunity to impact and improve our systems and delight our customers.