Application Security Consultant

CYE is looking for an Application Security Consultant with high potential, to be a part of our elite security research team. As an Application Security Consultant, you will take an active role in penetration testing activities that will help evaluate and improve our customers’ security level. A typical job could be breaking into a segmented secure zone at a Fortune 500 organization, reverse engineering an application and encryption method in order to gain access to sensitive data, all without being detected. 

Responsibilities

• Identify, communicate, and drive the resolution of vulnerabilities
• Research and advocate for new security solutions and technologies
• Continue to drive security evaluation earlier in the cycles through iterative security testing
• Operate as an incident responder for triage pertaining to web-based vulnerabilities
• Ensure customers’ security by hands on penetration testing, hypothesizing threats, helping development teams remediate risks upfront and execute secure implementation efforts
• Improve secure coding practices, application security requirements, automation, training, and metrics

Qualifications

• 1 year of experience in Application Security Research including: penetration testing, familiarity understanding of major Application Security attacks, vulnerabilities and mitigations including XSS, CSRF, SQL Injection, Deserialization, RCE, etc.
• Familiarity with OWASP Top 10 and CWE 25
• Familiarity with a wide range of high-level programming languages (Java, JS, Python, etc.) and Software Development Life Cycle (SDLC) - an advantage
• Familiarity with cloud environments – AWS and GCP in particular - an advantage