Pen Tester
About the company
Bright Security is a rapidly growing global SaaS B2B company tackling some of the biggest challenges in Application Security. Bright’s enterprise-grade, dev-centric Dynamic Application Security Testing (DAST) platform provides comprehensive application testing from development to production and cloud, offering detailed vulnerability proof and remediation guidelines throughout the SDLC. Our solution accelerates issue awareness and remediation from a 12-week average to same-day discovery.
About the product
Bright’s product is the first of its kind to integrate DAST testing into unit tests and CI/CD pipelines, alongside various educational programs designed to help developers adopt an ‘early and often’ posture when it comes to testing for security vulnerabilities. With the Bright engine’s stellar technical and business logic, minimal false positives, and developer-centric design, there is no need for manual validation of security findings, removing the costly and time-consuming human bottlenecks that cripple rapid releases and drain dev teams’ limited security resources.
Sphere of operation: Application Security Testing
Position: Pen Tester
Key Responsibilities:
- Perform comprehensive penetration tests on client applications to identify vulnerabilities, weaknesses, and potential threats.
- Analyze Bright’s DAST solution reports as part of the POC process, dive into false-positive or missed findings and file root-cause reports.
- Create detailed and clear reports outlining the results of penetration tests.
- Utilize a variety of testing methods and tools to evaluate the security of web and mobile applications.
- Collaborate with internal and external clients to understand the specific security concerns and objectives.
- Stay up-to-date with the latest security threats, vulnerabilities, and industry trends.
- Continuously expand your knowledge and skills in penetration testing and security assessment techniques.
- Provide ongoing support to ensure the successful mitigation of identified vulnerabilities.
- Manage internal bug bounty programs.
Hard Skills:
- Knowledge of multiple security tools (e.g., Burp Suite, Metasploit, ZAP, Amass).
- Knowledge of scripting / code development in Python / Ruby.
- Knowledge of diagram design and UML diagrams (draw.io, etc.).
- Mobile application penetration testing and iPhone/Android package testing (deb, apk).
Soft Skills:
- Excellent ability to communicate in English (Speaking / Writing)
- Team player with the ability to work autonomously in a fast-paced, dynamic environment and enjoy collaborating on cross-functional teams.
- Organized
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
Qualifications:
- At least 3 years of experience in pentesting and reporting on identified vulnerabilities.
- Thorough knowledge of information security components, principles, practices, and procedures.
- Experience running multiple security tools (e.g., Burp Suite, Metasploit, ZAP, Amass).
- Ability to analyze results and debug security findings, triaging false positives / true positives.
- Bachelor’s degree in Computer Science, Information Security, or a related field (preferred).
- Proven experience in penetration testing, ideally in a client-facing role.
- Strong knowledge of web and mobile application security vulnerabilities and exploitation techniques.
Bonus Skills:
- Industry certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP) are a plus.
- Excellent communication and presentation skills.
- Ability to collaborate effectively with clients to understand their needs and translate technical findings into actionable recommendations.
Benefits
- Competitive salary
- Remote work
- Paid vacation (18 days a year), state holidays and sick leave
- World-class security experts changing the world of application and API security. Do it with us.
- A diverse and inclusive workplace. Bright is an equal-opportunity employer and our team is composed of individuals from many diverse backgrounds, lifestyles, and locations.