CYE is looking for a talented Application Security Expert to be a part of our elite security researchers team.
As an Application Security Expert, you will take an active role in penetration testing activities that will help evaluate our customers’ security level and improve it.
A typical job could be breaking into a segmented secure zone at a Fortune 500 organization, reverse engineering an application and encryption method in order to gain access to sensitive data, all without being detected.
- Identify, communicate, and drive the resolution of vulnerabilities
- Research and advocate for new security solutions and technologies
- Continue to drive security evaluation earlier in the cycles through iterative security testing
- Operate as an incident responder for triage pertaining to web-based vulnerabilities
- Ensure customer s’ security by hands on penetration testing, hypothesizing threats, helping development teams remediate risks upfront and execute secure implementation efforts
- Improve secure coding practices, application security requirements, automation, training, and metrics
- 3+ years of experience in Application Security Research including: penetration testing, deep understanding of major Application Security attacks, vulnerabilities and mitigations including XSS, CSRF, SQL Injection, Deserialization, RCE, etc.
- Experienced with web & mobile application security, API analysis and unique client/ server architectures.
- Proven experience in high-level code auditing (3 years or equivalent military service)
- Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
- Familiarity with a wide range of high-level programming languages (Java, JS, Python, etc.) and Software Development Life Cycle (SDLC).
- Familiarity with cloud environments – AWS and GCP in particular