Security Researcher

About the product

Key Responsibilities:

• Conducting vulnerability and exploit research and analysis, finding security bugs (both business logic based and non business logic based) and modeling them into patterns that could be automated with code
• Maintaining current supported attacks in our DAST tool, analyzing results to decrease missed true positives and false positive rates
• Working very closely with software engineers, including developing new attacks for the Bright Security DAST product.

Qualifications:

• Excellent verbal and written English skills
• Knowledge of Web Application Security attacks including but not limited to OWASP Top 10 and API top 10
• At least 3 years of Experience in pentesting and reporting on identified vulnerabilities
• At least 2 years working in a development environment, with one of those languages or similar ones: Python, Node.js, Go
• Team player with the ability to work autonomously in a fast-paced, dynamic environment and enjoy collaborating on cross-region (Europe and Israel) teams
• Thorough knowledge of information security components, principles, practices, and procedures
• Experience with security tools like zap, burp

Bonus Skills:

• Experience developing code in a centralized repo
• Familiarity with microservices architecture, and asynchronous communication mechanisms and tools (i.e. kafka, redis stream)
• Participating in Bug Bounties
• Security related certifications (CEH / OSCP)
• Experience developing tools for malicious code analysis, network traffic analysis and the detection of malicious code on endpoint systems

Benefits

• Competitive salary.
• Remote work.
• An opportunity to work within the R&D team and grow professionally.
• World-class security experts changing the world of application and API security. Do it with us.
• A diverse and inclusive workplace. Bright is an equal-opportunity employer and our team is composed of individuals from many diverse backgrounds, lifestyles, and locations.