Collaborate with the development teams to conduct design review, code review, and dynamic analysis.
Identify, communicate and drive the resolution of vulnerabilities.
Research and advocate for new security solutions and technologies.
Continue to drive early security evaluation by conducting iterative security testing.
Implement automated secure coding tools and processes (SAST, IAST) to review code as it’s written, promoted through the development lifecycle, and into production.
Operate as an incident responder for triage pertaining to web-based vulnerabilities.
Requirements
3 years of proven experience with high-level code auditing on backend or relevant military service.
3 years of proven experience in AppSec research, including a deep understanding of major AppSec attacks, vulnerabilities and mitigations including SQL injection, Deserialization, RCE, etc or relevant military service.
Familiarity with a wide range of programming languages (Go, JavaScript, TypeScript, etc) and Software Development Life Cycle (SDLC).
Experience with cloud environments - specifically AWS and GCP - Advantage
Familiarity with a wide range of database types and architectures.
Found a high-severity vulnerability in a popular app - Advantage
Familiar with mobile application platforms and APIs like Google Play, App Store - Advantage