large-meteor small-blured-meteor

Careers > APPLICATION SECURITY RESEARCHER

APPLICATION SECURITY RESEARCHER

Type:FULL-TIME

id: #0302

overview

CYE is looking for a talented Application Security Researcher to be a part of our elite security research team. As an Application Security Researcher, you will take an active role in penetration testing activities that will help evaluate our customers’ security level and improve it. A typical job could be breaking into a segmented secure zone at a Fortune 500 organization, reverse engineering an application and encryption method in order to gain access to sensitive data, all without being detected.

Responsibilities

  • Identify, communicate, and drive the resolution of vulnerabilities
  • Research and advocate for new security solutions and technologies
  • Continue to drive security evaluation earlier in the cycles through iterative security testing
  • Operate as an incident responder for triage pertaining to web-based vulnerabilities
  • Ensure customer s’ security by hands on penetration testing, hypothesizing threats, helping development teams remediate risks upfront and execute secure implementation efforts
  • Improve secure coding practices, application security requirements, automation, training, and metrics

Qualifications

  • 3+ years of experience in Application Security Research including: penetration testing, deep understanding of major Application Security attacks, vulnerabilities and mitigations including XSS, CSRF, SQL Injection, Deserialization, RCE, etc.
  • Experienced with web & mobile application security, API analysis and unique client/ server architectures.
  • Proven experience in high-level code auditing (3 years or equivalent military service)
  • Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
  • Familiarity with a wide range of high-level programming languages (Java, JS, Python, etc.) and Software Development Life Cycle (SDLC).
  • Familiarity with cloud environments - AWS and GCP in particular
We use technical and analytics cookies to ensure that we give you the best experience on our website. To disable tracking click here.