Senior Security Researcher

The browser has become the main productivity tool for employees due to driving trends like working remotely, BYOD, and web-based SaaS applications.

At Seraphic, we are revolutionizing browser security. Our patent-pending technology offers unmatched protection against zero-day attacks, phishing, and malicious downloads. By operating at the core of the browser, we provide comprehensive visibility and control, preventing data loss and leakage.

Why Seraphic?

Cutting-Edge Protection: Full defense against all browser threats
Seamless Access: Browse internal sites and private applications directly from your browser without a VPN or a remote desktop
Innovative Environment: Be part of a team leading the cybersecurity frontier shaping the modern solutions impacting billions of users
Challenging Technologies: Engage with a rich SaaS app, high-scale backend processing millions of requests, and a core networking solution, all with the highest level of security
Innovation and Leadership: Leverage our patented technology and leadership recognition, such as Frost & Sullivan's 2024 Enabling Technology Leadership Award for Global Zero Trust Browser Security
Collaboration and Team: Work with industry experts in a collaborative environment to solve complex problems

This is an exciting opportunity to join a fast-growing start-up company, consisting of talented team players, with the best-of-breed solution revolutionizing browser security.

Join us in shaping the future of secure browsing!

We are seeking a talented and passionate Senior Security Researcher to join our team. In this role, you will explore vulnerabilities, analyze emerging threats, and develop innovative solutions to secure web technologies. As a key contributor, you’ll collaborate with a team of experts to ensure Seraphic remains at the forefront of browser and endpoint security.

This role is pivotal in driving Seraphic’s innovation, leveraging deep security expertise and data-driven insights to continually evolve our cutting-edge solutions and safeguard our customers in an ever-changing threat landscape.

What you'll do:

Threat Research: Identify and analyze emerging security threats, vulnerabilities, and attack techniques in web browsers and related technologies
Exploit Development: Simulate real-world attacks to evaluate and improve the resilience of our solutions
Vulnerability Discovery: Conduct in-depth research to uncover vulnerabilities in web technologies, browser extensions, and web applications
Improve and Develop Security Modules: Analyze data collected from our platform to extract actionable insights that enhance existing security modules or propose innovative algorithms to provide superior protection for our customers.
Collaboration: Work closely with the engineering and product teams to integrate findings into Seraphic's solutions and enhance product security
Publishing: Write technical reports, advisories, and white papers to share findings internally and externally when appropriate
Tool Development: Develop tools, scripts, or frameworks to automate threat analysis or identify vulnerabilities
Staying Current: Monitor industry trends, participate in security conferences, and contribute to the security community

Requirements:

What you’ll bring with you:

5+ years in security research, vulnerability analysis, or a related field
Researching or securing web technologies, browser extensions and plugins
Discovering vulnerabilities leading to CVEs
Deep understanding of web technologies, browser internals, and JavaScript
Proficiency in reverse engineering and debugging tools
Familiarity with exploit development and mitigation techniques (ASLR, DEP, etc.)
Experience with modern web application architectures and frameworks
Understanding of network security and common protocols (HTTP, HTTPS, etc.)
Web technologies, malware analysis
Skilled in scripting languages like Python, JavaScript, or Bash
Experience with tools such as Burp Suite, IDA Pro, Ghidra, or similar
Strong analytical and problem-solving skills
Excellent communication skills, both written and verbal

Nice to have but not a must:

Certifications: OSCP, OSWE, or similar certifications in web and application security
Community Engagement: active participation in bug bounty programs, security forums, or contributions to open-source security tools