Security Researcher

About the company

Bright is a rapidly growing, top-tier venture-funded company, focusing on developer-centric application security for the enterprise. We enable organizations to fix security issues before they reach production by integrating security early in the software development process, reducing reliance on manual testing, and running scans frequently.

Position

We are looking for a highly passionate, professional, hands-on software and team player Security Researcher to help develop new tests for the Bright Security testing product.
You’ll have a unique opportunity to work with cutting-edge technologies and build applications that allow the world’s biggest enterprises to test their applications.

About the product

The company is developing a SaaS product that empowers Application Security & Development teams to find and fix vulnerabilities iteratively at every step in the SDLC, without slowing them down.

Sphere of operation: Application Security Testing

Key Responsibilities:

• Performing vulnerability and exploit research and analysis.
• Incident response
• Finding security bugs and modeling them into attack patterns.
• Conducting research in the area of expertise and reporting of findings to developers.
• Developing new tests for the Bright Security testing product.
• Providing actionable and constructive feedback to cross-functional teams.
• Author blogs posts and presentations on topics and research in the area of expertise.

Qualifications:

• Knowledge of Web Application Security attacks including but not limited to OWASP API Top 10 and API top 10.
• At least 3 years of Experience in pentesting and reporting on identified vulnerabilities.
• Thorough knowledge of information security components, principles, practices, and procedures.
• Experience running Multiple security tools
• Ability to analyze results and debug security findings, triaging False Positives / True Positives

Hard Skills:

• Knowledge of Scripting / code development in Python / Ruby
• Knowledge of Diagram designs and UML diagrams
  

Soft Skills:

• Excellent ability to communicate in English (Speaking / Writing)
• Team player with the ability to work autonomously in a fast-paced, dynamic environment and enjoy collaborating on cross-functional teams.
• Organized
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

Bonus Skills: 

• Knowledge of Russian Language
• Experience developing code in a centralized repo
• Participating in Bug Bounties
• Security related certifications (CEH / OSCP)
• Experience developing tools for malicious code analysis, network traffic analysis and the detection of malicious code on endpoint systems.

Benefits

• Competitive salary
• Remote work
• Paid vacation (18 days a year), state holidays and sick leave
• World-class security experts changing the world of application and API security. Do it with us.
• A diverse and inclusive workplace. Bright is an equal-opportunity employer and our team is composed of individuals from many diverse backgrounds, lifestyles, and locations.