Security Operator

RunSybil

45d•Hybrid

About The Position

RunSybil is seeking a Security Operator to join their security research team. The role involves daily hands-on work with web application vulnerabilities, including assessing findings, confirming exploitability, rating severity, and producing clear reports for customers. This position does not require software engineering experience but demands deep familiarity with web vulnerabilities, strong analytical judgment, and precise communication skills. Ideal candidates have experience in bug bounty, application security, or penetration testing and possess a keen ability to distinguish significant findings from noise.

Requirements

2 or more years of hands-on experience with web application vulnerabilities through bug bounty, penetration testing, application security, or a similar role
Solid, practical understanding of OWASP Top 10 and common web vulnerability classes
Experience reproducing and validating findings manually, including in ambiguous or noisy environments
Comfort with tools like Burp Suite, browser developer tools, or similar for hands-on verification
Strong written communication: you can describe a vulnerability, its impact, and how to fix it in plain language
Attention to detail and consistency
Self-direction: you manage your own work without needing someone to structure your day

Responsibilities

Assess and validate web application vulnerabilities across a range of targets and confirm exploitability and scope
Reproduce findings hands-on using tools like Burp Suite
Rate severity accurately using established frameworks such as CVSS and OWASP
Write clear, accurate, customer-facing finding descriptions and remediation guidance that security practitioners trust and developers can act on
Maintain consistent standards across a high volume of findings
Surface patterns, edge cases, and unusual behaviors to the broader team
Identify patterns across findings and share feedback on where and how Sybil can improve