Staff Security Research Engineer

About The Position

Requirements

• Bachelor's or Master's degree in Computer Science
• 8-10+ years of work experience
• Deep expertise with modern application stacks (microservices, containers, Kubernetes, cloud platforms like AWS/GCP)
• Prior development experience and a fair understanding of programming languages and frameworks are a must
• Proficient in at least one modern programming language (Python, Go, Java, JavaScript, etc.)
• Demonstrated experience in penetration testing, vulnerability research, and exploitation of Web/API ecosystems
• Strong foundation in computer science fundamentals, identity aware, network, application and runtime security
• Strong experience with various pen testing tools like Burpsuite, ZAP, etc.
• Strong applied knowledge of attacks in Web/API eco-system - Web attacks, API attacks, API abuse, API Fraud, ATO, etc.
• Strong knowledge of modern application security threats and mitigation platforms like (WAFs, WAAP, RASP, etc.)
• Working knowledge of IAST, DAST, and SAST
• Experience in responsible disclosure of vulnerabilities and a track record of CVEs or similar
• Proven track record of publishing high-quality research or presenting at top security conferences (e.g., Black Hat, DEF CON, RSAC, BSides) is a strong plus
• Certifications such as CEH, OSCP, OSCE, or relevant security credentials
• Strong analytical skills and the ability to conduct complex security research autonomously
• Ability to work autonomously and drive complex security investigations from hypothesis to implementation

Responsibilities

• Conduct cutting-edge research on modern attack vectors across AppSec, CI/CD pipelines, runtime environments, and emerging technologies like LLMs
• Develop and refine advanced exploit techniques to prevent attacks targeting software delivery, runtime from code to cloud
• Collaborate with research, product and engineering to prototype and implement detection and mitigation strategies for emerging threats
• Perform in-depth security assessments and penetration testing of web applications, APIs, build systems, and cloud-native environments
• Engage with customers to understand their application landscape and provide expert guidance on integrating product capabilities with their security requirements
• Support pre-sales, POCs, and post-sales engagements by troubleshooting and solving complex detection and protection challenges
• Build internal tools to automate and enhance security research workflows
• Evangelize our research and platform through blogs, white papers, and talks at premier security conferences
• Analyze global cybersecurity incidents to extract learnings and apply them across domains

Benefits

• $150,000—$226,000 USD