You are a naturally curious and perceptive individual who can look at problems from multiple angles.
You can put yourself in the shoes of a potential hacker in order to identify and predict security flaws in our systems.
You always persevere with a task to the end, even if there’s insufficient information to help you along.
You are the type of person who thrives in a dynamic and challenging work environment. You approach even the smallest task with an open mind.
Most importantly, you value the importance of constant, open, and honest communication.
If you know what we can do to improve, we’re always open to your feedback. We always judge your suggestions based on merit, and not personal bias.
We are looking for someone who loves to:
- Keep up with the latest news and trends in security research
- Do great work, and inspire people around them to do the same
- Work with highly talented people in an exciting, multinational environment
- Get things done in a no-nonsense manner
- Work without bureaucracy and hierarchy
- Analyse and optimise processes to handle unexpected situations more efficiently
- Be extremely hands-on, and also have a say in the company’s big picture strategy
- Have the latest tools and technologies at their disposal
- Learn and improve, day in and day out
To excel in this role, you must have:
- Experience with web application security and testing, security monitoring, and intrusion detection
- Experience with fuzzing and finding edge cases in validation
- Understanding of encryption fundamentals and the OWASP Top 10
- A good understanding of attacks and mitigations such as timing, injection (e.g. form parameter/SQL), side-channel, DoS, buffer overflows and DNS cache poisoning
- The ability to assess the security impact of bugs and API inconsistencies
- Familiarity with industry standard tools such as Burp Suite and Metasploit
- Experience in writing custom code and scripts to investigate security threats
- A clear understanding of the OSI model, TCP/IP, and other industry-standard network defense concepts
- Knowledge of the latest industry trends and best practices in information security
- Extensive experience in bug bounty programmes such as HackerOne, Bugcrowd, and Cobalt
- OSCP, CEH, Security+, CISSP, or any GIAC certification is an advantage