Security researcher - Detect
Security researcher - Detect
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Job description
Short facts about us:
We are a global remote-first team of 150 people on 4 continents and in 10 countries.
We have been protecting our clients since 2016.
The company has recently closed its Series C round in the amount of $55 million.
More than 200 customers around the world including Fortune 500 Nasdaq and high-growth startups choose Wallarm to protect their API and web applications.
The company passed Y Combinator the most prestigious incubator in Silicon Valley from which Dropbox Stripe Docker etc. came out.
Our product:
Wallarm API security solutions provide proven performance to support innovative companies serving millions of users and billions of API requests per month. Hundreds of Security and DevOps teams globally use Wallarm daily to:
Discover. See every asset across your entire attack surfacefrom cloud environments to every API endpoint with auto-discovery capabilities.
Protect. A single suite that goes beyond OWASP Top 10 for full coverage for API specific threats account takeover malicious bots L7 DDoS and more.
Respond. Streamline incident response with complete visibility smart triggers and active threat verification.
Test. Automate security testing of your APIs and web assets. Prioritize remediation for every asset in every environment.
In this role you will:
Improve detection capabilities of Wallarm products;
Analyze and research new vulnerabilities WEB/API attack techniques and reproduce them;
Develop new detection mechanisms rules and attack attribution filters;
Continuously evaluate (manually and automated) the products posture;
Identify detecting gaps;
Research new methods and techniques for identifying API threats (API vulnerabilities API leaks etc.);
Generate and push ideas for improving the product;
Occasionally triage security events and investigate security incidents;
Support and improve the infrastructure and processes of the team.
Job requirements
In this role youll need:
Solid understanding of web protocol stack (TCP HTTP TLS) HTTP request/response structure HTTP headers and web server principles;
Experience in web application security assessment;
Deep knowledge of all types of attacks on web applications (CWE OWASP Top 10 OWASP API Top 10);
Experience with Linux Docker containers and version control systems (GIT);
Proficient in one of the programming languages (e.g. Python/Ruby);
Analytical mindset;
Proficient in English.
Nice to have:
Practical offensive security certifications (BSCP OSCP OSWE ASCP etc.);
Participation experience in bug bounty CTFs;
Experience and skills in bypassing Web Application firewalls;
Professional publications and/or speaker experience at specialized conferences;
Experience and/or desire to write security blog posts.
What we offer:
Ability to work on a product that makes the Internet safer;
Completely remote work and flexible working hours;
Competitive salary and bonuses;
Paid days off;
Medical insurance;
Working equipment;
Professional development and career growth.
All done!
Your application has been successfully submitted!
Employment Type
Full-Time
