Product overview

See how dev-centric DAST for the enterprise secures your business.

Web attacks

Continuous security testing for web applications at high-scale.

API attacks

Safeguard your APIs no matter how often you deploy.

Business logic attacks

Future-proof your security testing with green-flow exploitation testing.

LLM attacks

Next-gen security testing for LLM & Gen AI powered applications and add-ons.

Interfaces & extensions

Security testing throughout the SDLC - in your team’s native stack.


Connecting your security stack & resolution processes seamlessly.


Getting started with Bright and implementing it in your enterprise stack.

Book a demo

We’ll show you how Bright’s DAST can secure your security posture.


Check out or insights & deep dives into the world of security testing.

Webinars & events

Upcoming & on-demand events and webinars from security experts.


Getting started with Bright and implementing it in your enterprise stack.

Case studies

Dive into DAST success stories from Bright customers.


Download whitepapers & research on hot topics in the security field.

About us

Who we are, where we came from, and our Bright vision for the future.


Bright news hot off the press.

Webinars & events

Upcoming & on-demand events and webinars from security experts.

We're hiring

Want to join the Bright team? See our open possitions.

Bug bounty

Found a security issue or vulnerability we should hear about? Let us know!

Contact us

Need some help getting started? Looking to collaborate? Talk to us.

Careers >
Security Researcher

Security Researcher

Israel, Remote

About the company

Bright is a rapidly growing, top-tier venture-funded company, focusing on developer-centric application security for the enterprise. We enable organizations to fix security issues before they reach production by integrating security early in the software development process, reducing reliance on manual testing, and running scans frequently.


We are looking for a highly passionate, professional, hands-on software and team player Security Researcher  to help develop new tests for the Bright Security testing product.
You’ll have a unique opportunity to work with cutting-edge technologies and build applications that allow the world’s biggest enterprises to test their applications.

About the product

The company is developing a SaaS product that empowers Application Security & Development teams to find and fix vulnerabilities iteratively at every step in the SDLC, without slowing them down.

Sphere of operation: Application Security Testing

Key Responsibilities:

  • Conducting vulnerability and exploit research and analysis, finding security bugs (both business logic based and non business logic based) and modeling them into patterns that could be automated with code
  • Maintaining current supported attacks in our DAST tool, analyzing results to decrease missed true positives and false positive rates
  • Working very closely with software engineers, including developing new attacks for the Bright Security DAST product


  • Excellent verbal and written english skills
  • Knowledge of Web Application Security attacks including but not limited to OWASP Top 10 and API top 10
  • At least 3 years of Experience in pentesting and reporting on identified vulnerabilities
  • At least 2 years working in a development environment, with one of those languages or similar ones: Python, Node.js, Go
  • Team player with the ability to work autonomously in a fast-paced, dynamic environment and enjoy collaborating on cross-region (europe and Israel) teams
  • Thorough knowledge of information security components, principles, practices, and procedures
  • Experience with security tools like zap, burp

Bonus Skills: 

  • Experience developing code in a centralized repo
  • Familiarity with microservices architecture, and asynchronous communication mechanisms and tools (i.e. kafka, redis stream)
  • Participating in Bug Bounties
  • Security related certifications (CEH / OSCP)
  • Experience developing tools for malicious code analysis, network traffic analysis and the detection of malicious code on endpoint systems

Our tech stack:

  • Our core engine that includes exploit logic, is written in crystal
  • We have other microservices written in Node.js and Go that communicate with the engine
  • We use PostgreSQL, Elasticsearch and redis to store various types of data


  • Competitive salary
  • Remote work
  • Paid vacation (18 days a year), state holidays and sick leave
  • World-class security experts changing the world of application and API security. Do it with us.
  • A diverse and inclusive workplace. Bright is an equal-opportunity employer and our team is composed of individuals from many diverse backgrounds, lifestyles, and locations.

By submitting this form, you consent to allow Bright to store and process the personal information submitted and to contact you in regards to the content or services requested. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our privacy policy.

Get our newsletter