Security Researcher

About Oxeye‍

Oxeye is a young, well-funded early-stage startup in the growing cloud native application security market. We enable customers to identify and resolve the most critical code vulnerabilities as an integral part of the software development lifecycle, disrupting traditional application security testing (AST) approaches by offering a contextual, effortless, and comprehensive solution that ensures no vulnerable code ever reaches production.

About the position‍

We are looking for an experienced and passionate Security Researcher with proven credentials in web application security and cloud native environments.

Our ideal candidate will be able to detect and exploit web applications and cloud native vulnerabilities, along with researching novel detection methods. Furthermore, we are looking for a candidate that will be able to demonstrate and communicate their achievements in presentations, conferences, and blog posts.

What you'll be doing

• Research new attack vectors with regards to cloud infrastructure, applications, and discover detection methods
• Perform analysis of the existing vulnerabilities and break them apart
• Driving forward our detection algorithms, by presenting new attack techniques
• Analyze different security facets of multiple programming languages and technologies
• Conduct novel research and identifying techniques to exploit and detect threats in cloud native environment 
• Writing blog posts and presenting publicly some of our research findings
  

You Should Apply If

• 4+ years of experience in application security research, specifically web application penetration testing, secure development, security code review, or other similar fields
• At least 2  years of experience in cloud security (AWS/Azure/GCP)
• Proficient with application security, deep understanding of security concepts, vulnerabilities, mitigations, and coding practices
• Strong coding skills with both interpreted and compiled languages and the ability to learn new programming languages and technologies independently
• Proven presentation skills and client-facing experience, including the ability to document and explain technical information in a concise, understandable manner
• Deep knowledge of offensive AppSec techniques and the OWASP Top 10
• Track record of vulnerability findings in bug bounties or prior roles
• Openness to learning, lots of creativity, and a desire to solve tough problems
• Team player approach

Oxeye has a positive, diverse, and supportive culture — we look for people who are inventors, builders, learners, and team players. So, even if your background partially meets the description but, our culture ring true for you we still encourage you to apply and tell us why your skills and values could be an asset to us.