Security Researcher

About Element Security

Element Security is a leader in external attack surface security. Our CTEM platform continuously validates real risk by executing safe, controlled exploitation to surface high-impact exposures that truly matter.

Job Description

We are hiring a Security Researcher with deep web application expertise to design and maintain attack modules for our exploitation engine. You’ll turn cutting-edge research into reliable, production-grade modules that identify and validate real exposures across modern web stacks.

What You'll Do

• Build attack modules for web apps, APIs, and services (REST, GraphQL, WebSockets, gRPC).
• Encode exploitation logic for authN/authZ flaws, JWT/OAuth/OIDC/SAML, CSRF/CORS, SSRF, SQLi/NoSQLi, XSS, template injection, deserialization, path traversal, file upload, command injection, IDOR/BOLA, race conditions, and misconfigurations (general app and cloud-native).
• Implement safe, idempotent exploitation with guardrails (timeouts, rate limits, retries, target capability checks, rollbacks).
• Research and track new CVEs, techniques, and exploit chains; convert findings into reusable module templates and signatures.
• Collaborate with Platform/R&D to integrate modules (module framework, data models, telemetry) and ship via CI/CD.
• Write clear docs and PoCs, plus unit/integration tests and module simulations.
• Contribute to threat intelligence: enrichment logic, fingerprinting, version/parsing heuristics.
• Triage and validate platform-discovered vulnerabilities with reproducible evidence.

Required Qualifications

• 3+ years in web app security, offensive research, or application pentesting.
• Strong web-app exploitation tooling experience in Python 3 or another modern language (Go/Rust/Ruby), and a commitment to write production Python day-to-day.
• Deep understanding of HTTP, sessions/cookies, TLS, proxies, API auth (OAuth/OIDC/JWT), SSO, and modern app architectures (SPAs, microservices).
• Familiarity with OWASP Top 10, API Security Top 10, and practical exploitation/mitigation paths.
• Experience with pentest tooling (e.g., Burp Suite, Nmap) and turning manual techniques into automated checks.
• Comfortable in Linux/Docker, Git workflows, and basic CI (e.g., GitHub Actions).
• Excellent written communication for module docs and reproduction steps.

How You Work

• Pragmatic researcher who can productize exploits with clean, testable code.
• Bias to safety and reliability: noisy vs. stealthy tradeoffs, sandboxing, and target impact minimization.
• Curious, collaborative, and comfortable moving between research spikes and steady module delivery.
• Ethical by default: you respect boundaries and legal frameworks.

What You'll Work On

• Internal module framework and templates
• Advanced exploitation workflows for modern web apps and APIs
• Observability (metrics, traces, evidence artifacts)
• Continuous delivery of modules to production customers