Security Researcher/Developer (EMEA, Remote)
About the company
Bright Security is a rapidly growing global SaaS B2B company tackling some of the biggest challenges in Application Security. Bright’s enterprise-grade, dev-centric Dynamic Application Security Testing (DAST) platform provides comprehensive application testing from development to production and cloud, offering detailed vulnerability proof and remediation guidelines throughout the SDLC. Our solution accelerates issue awareness and remediation from a 12-week average to same-day discovery.
About the product
Bright’s product is the first of its kind to integrate DAST testing into unit tests, integrating into CI/CD pipelines, and various educational programs designed for developers to adopt an ‘early and often’ posture when it comes to testing for security vulnerabilities. With the Bright engine’s stellar technical and business logic, minimal false positives, and developer-centric design, there is no need for manual validation of security findings, removing costly and time-consuming human bottlenecks that cripple rapid releases and drain dev teams’ limited security resources.
Sphere of operation: Application Security Testing
Position
We are looking for a highly passionate, professional, hands-on Security Researcher/Developer and team player to help develop new tests for the Bright Security testing product.
You’ll have a unique opportunity to work with cutting-edge technologies and build applications that allow the world’s biggest enterprises to test their applications.
Key Responsibilities:
- Conducting vulnerability and exploit research and analysis, finding security bugs (both business-logic-based and non-business-logic-based) and modeling them into patterns that can be automated with code
- Maintaining currently supported attacks in our DAST tool, analyzing results to reduce missed true positives and false-positive rates
- Working very closely with software engineers, including developing new attacks for the Bright Security DAST product
- Prompt engineering and creation of security-related AI agents
Qualifications:
- Excellent verbal and written English skills
- Knowledge of Web Application Security attacks including but not limited to OWASP Top 10 and API top 10
- At least 3 years working in a development environment with one of the following languages or similar ones: Python, Node.js, Go, C++, C#, Ruby
- Team player with the ability to work autonomously in a fast-paced, dynamic environment and enjoy collaborating on cross-region (Europe and Israel) teams
- Thorough knowledge of information security components, principles, practices, and procedures
- Experience in pentesting and reporting on identified vulnerabilities, or equivalent experience in AppSec, will be a plus
Bonus Skills:
- Experience developing code in a centralized repo
- Familiarity with microservices architecture and asynchronous communication mechanisms and tools (e.g. Kafka, Redis Streams)
- Participating in Bug Bounties
- Security related certifications (CEH / OSCP)
- Experience developing tools for malicious code analysis, network traffic analysis, and the detection of malicious code on endpoint systems
- Strong capacity for rapid learning and knowledge acquisition
- Familiarity with AI tools and prompt engineering
- Experience with security tools like ZAP and Burp
Benefits
- Competitive salary.
- Remote work.
- An opportunity to work within the R&D team and grow professionally.
- World-class security experts changing the world of application and API security. Do it with us.
- A diverse and inclusive workplace. Bright is an equal-opportunity employer and our team is composed of individuals from many diverse backgrounds, lifestyles, and locations.
- Opportunity to gain hands-on experience with STAR – a cutting-edge approach transforming traditional AST and redefining Application and API Security.