Security researcher

Summary

Join Wallarm, a global remote-first team protecting clients since 2016, as we improve detection capabilities of our API security solutions. We're a 100+ person team across 4 continents and 10+ countries, serving 200+ customers including Fortune 500 companies. You will analyze and research new vulnerabilities and attack techniques, develop detection mechanisms, and continuously evaluate product security. This role requires a solid understanding of web protocols and web application security, experience with Linux and Docker, and proficiency in a programming language. We offer competitive salaries, bonuses, paid time off, medical insurance, and professional development opportunities.

Requirements

• Solid understanding of web protocol stack (TCP, HTTP, TLS), HTTP request/response structure, HTTP headers, and web server principles
• Experience in web application security assessment
• Deep knowledge of all types of attacks on web applications (CWE, OWASP Top 10, OWASP API Top 10)
• Experience with Linux, Docker containers, and version control systems (GIT)
• Proficient in one of the programming languages (e.g. Python/Ruby)
• Analytical mindset
• Proficient in English

Responsibilities

• Improve detection capabilities of Wallarm products
• Analyze and research new vulnerabilities, WEB/API attack techniques and reproduce them
• Develop new detection mechanisms, rules and attack attribution filters
• Continuously evaluate (manually and automated) the product’s posture
• Identify detecting gaps
• Research new methods and techniques for identifying API threats (API vulnerabilities, API leaks, etc.)
• Generate and push ideas for improving the product
• Occasionally triage security events and investigate security incidents
• Support and improve the infrastructure and processes of the team

Preferred Qualifications

• Practical offensive security certifications (BSCP, OSCP, OSWE, ASCP, etc.)
• Participation experience in bug bounty, CTFs
• Experience and skills in bypassing Web Application firewalls
• Professional publications and/or speaker experience at specialized conferences
• Experience and/or desire to write security blog posts

Benefits

• Ability to work on a product that makes the Internet safer
• Completely remote work and flexible working hours
• Competitive salary and bonuses
• Paid days off
• Medical insurance
• Working equipment
• Professional development and career growth