Security Researcher

A successful global Cybersecurity startup is developing a pioneering protection platform for applications running in large-scale, complex environments. The company’s technology provides security teams with real-time visibility into application behavior, enabling the detection of sophisticated attacks, vulnerabilities, and logic-level flaws before they escalate.

Backed by prominent venture capital, the organization is composed of elite security experts dedicated to redefining AppSec for modern cloud-native architectures.

The company's R&D center is located in Central Israel (prime location near major transport hubs) and operates a hybrid work model with remote flexibility.

Role Overview:

• Vulnerability Research: Conducting advanced security research and penetration testing to identify complex vulnerabilities within high-scale Web applications.
• Logic-Level Analysis: Analyzing application logic and behavior in real-time to uncover deep-seated security risks and potential attack vectors.
• Modern Attack Simulation: Staying at the forefront of the threat landscape by researching and simulating modern Web-based attacks and exploitation techniques.
• Cloud-Native Security: Working within Microservices and Containerized environments to secure distributed architectures and API-driven communication.
• Collaboration with R&D: Partnering with engineering teams to translate research findings into automated security features and mitigation strategies.

Requirements:

• 3+ years of professional experience in Security Research or advanced Penetration Testing – Mandatory.
• Proven expertise in identifying complex Web application vulnerabilities and a deep mastery of the OWASP Top 10 – Mandatory.
• Deep understanding of Web Protocols, including HTTP/S and WebSockets.
• Extensive experience with Authentication mechanisms such as OAuth, JWT, and SAML.
• Strong technical proficiency in REST & GraphQL APIs and Microservices architecture.
• Practical experience working with Docker and Kubernetes.
• Ability to read and write code/scripts in at least one of the following: Python, JavaScript (Node.js), Go, or Java.