Perform vulnerability research and security testing against our products, networks, platforms and infrastructure to identify potential attack vectors to protect the organisation.
Participate in security projects - scope the requirements, create POCs, execute test plans, create result reports, and resolve any issues.
Develop security assessment tools and processes to address identified vulnerabilities.
Assist in driving a security mindset within the company and collaborate with the wider security team and other groups to share ideas, tools and processes.
Experience required
8+ years of technical experience as a security researcher, red team member or equivalent role.
Experience with software architectures and cloud environment security (AWS/GCP) known issues and exploits.
Complete familiarity with writing custom code and scripts to investigate and reproduce security threats.
Understanding of the new and common attacks and mitigations such as timing, injection (e.g., form parameter/SQL), side-channel, DoS, buffer overflows, and DNS cache poisoning.
Comprehensive experience in bug bounty programmes such as HackerOne, Bugcrowd, Synack, and Cobalt.
Experience in scripting/coding (e.g. Perl, NodeJS, Javascript/Typescript).
Knowledge of operating systems such as Linux, MacOS and Windows.
OSCP, OSWE, CEH, Security+, CISSP, or any GIAC certification.