Fully Remote
At DefensePoint, we are a small and ambitious company dedicated to Software Security and Identity and Access Management (IAM). Our mission is to contribute to a safer and better internet. With an amazing remote team spread across 10 countries, we take pride in being recognized as a great place to work.
We are seeking an Application Security Lead to join our team and embark on an exciting new development project that aims to revolutionize the Application Security industry.
This is a highly rewarding remote position that offers flexibility and the ability to work from anywhere.
Responsibilities:
As an Application Security Lead, you will have the opportunity to:
- Conduct research and design scan engine rules in close collaboration with the development team for Static Application Security Testing (SAST).
- Engage in product design discussions to drive innovation and develop the next generation SAST tool.
- Perform advanced-level security source code analysis across multiple programming languages.
- Research and document emerging application-level vulnerabilities while providing effective mitigation strategies.
- Analyze programming frameworks and languages to identify potential sources and sinks for SAST.
- Handle complex cases escalated from other teams, showcasing your expertise.
- Collaborate with software vendors in the community to discover and rectify flaws in software projects.
- Mentor both senior and junior engineering resources, sharing your knowledge on all aspects of security.
Your profile:
To be successful in this role, you should have:
- Experience with security review of source code.
- A minimum of 5 years of experience in application security or code security research, including a deep understanding of application security attacks, vulnerabilities, and mitigations.
- Proficiency in 2-3 programming languages such as Java, C#, Go, JavaScript (JS), Python, PHP, Ruby, etc.
- A language-agnostic approach to vulnerability identification in source code, with the ability to comprehend and identify vulnerabilities in multiple programming languages.
- Knowledge of common web application security vulnerabilities, including OWASP TOP 10, OWASP API Top 10, SANS 25, etc.
- Familiarity with static code analysis, with experience in fuzzing tools considered a plus.
- Understanding of software engineering principles, data structures, and Object-Oriented Design.
- Excellent written and verbal communication skills in English.
- A customer-centric mindset.
- Experience in leading or managing teams.
Nice to Have:
While not mandatory, the following qualifications are desirable:
- A BSc or BA degree in Computer Science or a related field.
- Experience collaborating with development teams.
- Experience in bug bounty research or published advisories/exploits for discovered 0-day vulnerabilities in applications.
- Knowledge of the Perl programming language or a strong desire to acquire this experience.
- Understanding of Regular Expressions.
If this role excites you but you are concerned about not meeting all the requirements, please submit your application anyway. We would love to connect with you!
Join our team today and be a part of our journey to reshape the Application Security industry. Apply now!
Our recruiting process consists of...
- Send us your updated CV
- First interview (30 min)
- Technical Assessment
- Second interview (30 min)
- Offer
- Contract signing