Contrast Security

Compensation

Full Description

At Contrast Security, we’re redefining how organizations protect their software at the speed of modern development. With industry-leading Application Detection and Response (ADR), we give teams the power to detect, stop and fix real threats in real time. If you're passionate about building smarter, faster, more effective security, you’ll fit right in. We’re looking for sharp minds, fearless builders, and problem-solvers who thrive on turning complex challenges into innovative solutions. About the Position Our Application Security Research team is hyper-focused on vulnerability and threat research affecting the world's software ecosystem to deliver world-class runtime application security products. He or she will maintain the fidelity of research and findings in our real-time security intelligence platform. This research can involve testing emerging vulnerabilities and novel research, both of which will be used to develop Contrast’s runtime capabilities further. This role will work closely with product and engineering functions to creatively solve complex problems in the world of application security. In addition to product development functions, this position will present opportunities to contribute original research for publication on company blogs, papers, and conference presentations. Responsibilities Conduct basic and applied research on important and challenging problems in application security to creatively improve and innovate runtime products Help define and drive research projects, either on your own or in collaboration with others on the team Engage with Contrast’s product teams and customers to promote and seek out new research initiatives Support the gathering of language, library, license, and application security research Process emerging threats, such as evaluating externally found CVEs and risks Development and presentation of content associated with security research through conference speaking and/or blogging Provide tier-3 support for reported incidents and escalation of security findings review Provide mentorship and direction to the team Qualifications Software background in Java and .NET (plus if you have experience with NodeJS, Python, and Ruby.) Able to develop purposefully vulnerable applications and exploit them Understand the OWASP Top 10 and SANS/CWE Top 25 Experience with ethical hacking and vulnerability management reporting Knowledge of cloud hosting environments (AWS, Azure, GCP, OCI, etc.) You have strong communication skills You ask questions, let others know when you need help, and tell others what you need 5+ years of experience in industry application security research, pen-testing, consulting, or direct application You have a hacker’s curiosity blended with an engineer’s problem-solving Please include a link to your Github or BitBucket account and any links to some of your projects, if available We are focused on building a diverse and inclusive workforce. If you’re excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply. We're transforming the way the world secures software. If you're ready to make a real impact, thrive in a fast-paced environment, and grow alongside a team of passionate professionals, we’d love to hear from you. Apply today and help us shape the future of application security.