Job description
Performing security source code analysis.
Analyze application vulnerabilities and provide mitigation strategies.
Researching, designing, and writing application security rules for detection, while working closely with a development team for SAST.
Analyzing different programming frameworks in different programming languages for potential sources and sinks for SAST.
Handling complex cases escalated from the field and other teams.
Improving Mend SAST engines for various programming languages.
Requirements:
Experience with security review of source code – Must!
At least 5 years of experience in application security or security research, including the understanding of application security attacks, vulnerabilities, and mitigations – Must!
Knowledge of common Web Application security vulnerabilities (OWASP TOP10, SANS 25, etc.) – Must!
Experience with at least 2-3 of the following programming languages: Java, C#, Go, JS, Python, PHP, Ruby, etc. – Must!
Language-agnostic approach to vulnerability identification in source code (ability to read source code in multiple programming languages and identify vulnerable parts).
Proven experience leading tasks and projects end-to-end, and a passion to grow into a TL position.
Excellent English – written and verbal.
Excellent interpersonal and communication skills.
Advantages:
BSc or BA in Computer Science or a similar degree.
Experience in managing application security engineers.
Experience working with development teams.
Experience with bug bounty research or published advisories or exploits for discovered 0day vulnerabilities in applications.