Offensive Web Hacker

About Huskeys

Got WAF? We make it work.

Huskeys is reimagining web application protection for the modern era. As applications become increasingly dynamic, multi-cloud, and API-driven, traditional WAF solutions struggle to keep up - fragmented, noisy, and often blocking legitimate traffic while missing real threats.

Huskeys introduces an intelligent security control layer that works alongside existing WAF infrastructure, helping organizations understand traffic behavior, reduce false positives, and protect revenue-critical applications without disrupting business flows.

We operate at the intersection of real-world web attacks, modern application architectures, and large-scale security data.

About the Role

We’re looking for an Offensive Web Hacker who enjoys breaking modern web applications and understanding how attackers actually operate.

This role focuses on hands-on offensive security research across web applications, APIs, WAFs, and edge environments.

You’ll simulate attacker workflows, explore bypass techniques, and identify real exploitation paths - then turn those findings into reproducible PoCs, detections, and security insights that improve Huskeys’ findings engine and strengthen customer security posture.

This is not a theoretical research role.

It’s about thinking like an attacker and producing outcomes the product can act on.

Why This Role Exists

Huskeys operates in environments where attackers actively probe applications, APIs, and edge controls.

To stay ahead, we need researchers who deeply understand attacker techniques and can translate those insights into practical detections and mitigation strategies.

This role ensures that real-world attack techniques continuously inform our product capabilities, improving detection coverage and reducing blind spots across WAF and edge environments.

What Success Looks Like

• You consistently produce hands-on research that maps to real customer risk, not just theoretical vulnerabilities.
• Your findings include reliable PoCs, clear attacker narratives, and actionable remediation guidance.
• Your work results in new detections, recipes, and playbooks in the findings engine.
• Vendor and edge research translates into measurable improvements in detection coverage and bypass understanding.
• You actively contribute knowledge and techniques that elevate the entire Research team.

What You’ll Do

• Perform hands-on web hacking and offensive security research across real application environments (web apps, APIs, WAFs, CDNs, and edge services).
• Investigate WAF and edge controls in depth - coverage, gaps, bypass patterns, and detection opportunities.
• Research and validate vulnerabilities across web applications and APIs, focusing on real exploitability and attacker workflows.
• Conduct vendor capability and vulnerability research across WAF and edge platforms.
• Build reproducible PoCs and high-signal writeups documenting impact, prerequisites, and reliable reproduction steps.
• Translate research findings into recipes, playbooks, and detections within the findings engine.
• Prototype vendor integrations and edge cases before engineering implementation.
• Collaborate closely with Research and Engineering teams to triage issues and improve detection coverage.
• Share knowledge through documentation, demos, and internal sessions.

Day-to-Day Reality

• Most of your time will be hands-on offensive testing and research.
• You’ll explore how modern web applications behave and how attackers exploit them.
• Research cycles typically move from attack hypothesis → exploitation → validation → PoC → detection logic.
• You’ll collaborate closely with other researchers and engineers to translate findings into product capabilities.

Who We’re Looking For

You think like an attacker but communicate like an engineer.

You enjoy exploring how web applications actually work - and how they break.

You are curious, methodical, and focused on turning exploration into practical security outcomes.

You:

• Approach security research through structured experimentation
• Care about real exploitability and impact
• Document findings clearly so others can reproduce and act on them
• Share knowledge and collaborate with teammates
• Enjoy solving real-world security problems, not just theoretical ones

Must Have

• 6 + years of hands-on web application security or web hacking experience
• Strong understanding of HTTP, browser behavior, cookies, sessions, authentication, and authorization models
• Experience testing web applications and APIs (REST / GraphQL)
• Familiarity with common vulnerability classes such as access control flaws, IDOR, SSRF, XSS, CSRF, injection vulnerabilities, deserialization issues, and business logic abuse.
• Ability to clearly communicate findings, including severity, impact, reproduction steps, and remediation guidance

Nice to Have

• Experience with WAF technologies and WAF bypass techniques
• Familiarity with Cloudflare, AWS WAF, or similar edge security controls
• Scripting ability (Python, TypeScript, JavaScript, or similar) for automation and research tooling
• Experience working with structured research pipelines (hypothesis → validation → documentation)
• Experience producing customer-facing research or security analysis

Why Join Huskeys

• Work on real-world web attacks and modern WAF environments.
• Help shape how security detections are built and deployed at scale.
• Collaborate with a focused research team solving practical security problems.
• High ownership and impact in a fast-moving cybersecurity startup.