Mid Security Researcher (WEB)

We are looking for a Web Application Security Researcher to join our security team. In this role, you will go beyond standard testing by diving deep into data research and telemetry. You will be responsible for identifying sophisticated attack patterns and developing real-time detection logic to ensure our defenses stay ahead of evolving threats.

Key Responsibilities

• Data-Driven Research: Analyze large datasets and security telemetry to identify anomalies and potential security breaches.
• Detection Engineering: Design, develop, and implement security rules and logic to trigger company defense systems and identify findings in real-time.
• Vulnerability Research: Conduct deep-dive security research on complex web applications.
• Collaboration: Work closely with R&D and Security Operations teams to provide remediation guidance and enhance monitoring capabilities.

Requirements

• Experience: 3+ years of experience in Web Security Research or Advanced Penetration Testing.
• OWASP Mastery: Deep understanding of the OWASP Top 10 and modern web-based attack vectors.
• Third-Party Security: Ability to find and fix security flaws in open-source libraries and third-party software.
• Infrastructure: Strong understanding of microservices architectures, Docker, and Kubernetes.
• Coding Skills: Ability to read and script in languages such as Python, JavaScript (Node.js), Go, or Java.
• Web Tech: Expertise in web protocols (HTTP/S, WebSockets), Auth mechanisms (OAuth, JWT, SAML), and modern APIs (REST, GraphQL).
• Soft Skills: Good communication skills and a genuine passion for sharing knowledge with the team.

Bonus Points

• Analytics: Hands-on experience with Kibana and Elasticsearch for data visualization and threat hunting.
• Community Engagement: Experience with writing security blogs, CVE research, or active participation in Bug Bounty programs.
• Certifications: OSWE, OSCP .
• Recognition: Active participation in CTFs or presentations at security conferences.