This is a deeply technical role that requires significant knowledge around modern web development technologies and practices. You not only understand common web vulnerabilities, but understand how to find them in an automated fashion. You will need to follow upcoming trends and how they may have implications for security. It’s also crucial that you’re an effective communicator, as you’ll collaborate frequently with engineers to guide them in implementing the specifications you create. You’ll also need:
· 5+ years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits.
· 3+ years of software development experience.
· Deep understanding of web browsers (i.e. security features, DOM, JavaScript, etc.).
· Deep understanding of common client side and server side web application vulnerabilities and how to exploit them (e.g. SQL injection, cross-site scripting, etc.).
· Ability to learn new programming languages and/or technologies quickly and independently
· Ability to balance novelty of attacks with the restrictions automation demands.
· Experience with automated application security testing products (SAST, DAST, etc.) a plus.
· Genuine enthusiasm, not just aptitude, for application security. Up to 20% of your time will be allocated for independent research, and this means you’ll need interesting, relevant project ideas.
· Prototyping ability – the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility.
· Excellent attention to detail, quality, and customer satisfaction. Consulting experience a plus.
· Strong analytical, organizational, and technical writing skills.
· B.S. in Computer Science or equivalent industry experience.