עדיין מחפשים עבודה במנועי חיפוש? הגיע הזמן להשתדרג!
במקום לעבור לבד על אלפי מודעות, Jobify מנתחת את קורות החיים שלך ומציגה לך רק משרות שבאמת מתאימות לך.
מעל 80,000 משרות • 4,000 חדשות ביום
חינם. בלי פרסומות. בלי אותיות קטנות.
CYTRIX is looking for a strong Vulnerability Researcher to join our offensive security core team and help build the next generation of automated red-team technology.
In this role, you will research modern web applications, APIs, authentication flows, business logic, and complex user journeys to identify real-world vulnerabilities and translate them into repeatable testing logic inside the CYTRIX platform.
You will work on vulnerability classes such as IDOR, BOLA, Broken Access Control, authentication bypasses, business logic flaws, injection issues, misconfigurations, JWT issues, file upload abuse, and cloud/service exposure.
Responsibilities:
- Research web applications, APIs, and complex business flows.
- Identify and validate real-world vulnerabilities.
- Analyze authentication, authorization, sessions, roles, and user journeys.
- Translate manual penetration testing techniques into automated testing logic.
- Develop payloads, exploit ideas, and validation methods.
- Collaborate with engineering teams to improve CYTRIX’s scanning and exploitation capabilities.
- Write clear technical documentation and reproduction steps.
Requirements:
- 5+ years of hands-on experience in vulnerability research, web penetration testing, bug bounty, red team, or offensive security.
- Strong understanding of web application and API security.
- Deep knowledge of HTTP, browsers, cookies, sessions, JWT, OAuth, SSO, CORS, and modern authentication flows.
- Experience finding business logic vulnerabilities, access control issues, IDOR/BOLA, and privilege escalation bugs.
- Ability to analyze requests, responses, JavaScript, logs, and browser flows.
- Experience with tools such as Burp Suite, DevTools, Postman, curl, Nuclei, or custom scripts.
- Basic scripting ability in Python, JavaScript, or another language.
Advantages:
- Strong Python skills.
- Experience with browser automation such as Playwright, Selenium, or Puppeteer.
- Experience with GraphQL, gRPC, WebSocket, mobile APIs, or cloud security.
- Experience developing exploit scripts or automation for vulnerability validation.
- Familiarity with AI-assisted security testing or automated exploitation workflows.
Additional Details:
- Full-time position (Sunday–Thursday, 9:00–17:00)
- Hybrid model: 3 days from the office, 2 days from home
- Offices in Ra’anana (with parking)
- Small, strong team with real impact on the product
- Dynamic and flexible work environment
- Young, supportive, and collaborative culture
במקום לעבור לבד על אלפי מודעות, Jobify מנתחת את קורות החיים שלך ומציגה לך רק משרות שבאמת מתאימות לך.
מעל 80,000 משרות • 4,000 חדשות ביום
חינם. בלי פרסומות. בלי אותיות קטנות.