Application Security Researcher

Baltimore/Remote
Engineering
Full-time
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyber-attacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.

About the Position
Our Application Security Research team is hyper-focused on continuous vulnerability and threat research affecting the world's software ecosystem. He or she will be responsible for maintaining the fidelity of research and findings in our real-time security intelligence platform. Most vulnerability findings will be based on third-party code in the Open Source community. However, additional efforts will be driven from findings in the Contrast platform. It will present an opportunity as a security researcher to contribute original research. The Application Security Researcher is responsible for supporting and contributing to Contrast’s growing and enhancing original security research efforts relevant to the development communities associated with Contrast Assess and Protect platforms. Original research will be published in company blogs, papers and presentations.

Roles and Responsibilities

    • Conduct basic and applied research on important and challenging problems in application security.
    • Help define and drive research projects, either on your own or in collaboration with others on the team.
    • Engage with Contrast’s product teams and customers to promote and seek out new research initiatives.
    • Support the gathering of language, library, license and application security research.
    • Process emerging threats, such as evaluating externally found CVEs and risks.
    • Development and presentation of content associated with the security research through conference speaking and/or blogging.
    • Provide tier-3 support for reported incidents and escalation of security findings review.
    • Ability to perform vulnerability and penetration testing assessments.
    • Support and drive the security evaluation of third party software and tools.

About You

    • Software background in Java or .NET (plus if you have experience with Python, NodeJS, Ruby and/or GoLang).
    • Deep understanding of the OWASP Top 10 and SANS/CWE Top 25.
    • Extensive experience with ethical hacking and vulnerability management reporting.
    • Knowledge of cloud hosting environments (AWS, Azure, GCP, OCI, etc).
    • You have strong communication skills.
    • You ask questions, let others know when you need help, and tell others what you need.
    • 7+ years of experience of industry application security research or direct application.
    • Bachelor’s Degree in Math, Computer Science, Engineering or Information Systems
    • Experience with threat modeling and attack forensics.

What We Offer

    • Competitive compensation (salary + equity)
    • Medical, dental and vision benefits
    • Flexible paid time off
    • Daily in-office lunches
    • 401K
If you're amazing but missing some of these, email us your résumé and cover letter anyway. Please include a link to your Github or BitBucket account, as well as any links to some of your projects if available.
Email: careers@contrastsecurity.com.

We are changing the world of software security. Do it with us.  
We believe in what we do and are passionate about helping our customers secure their business. We work hard, and we have fun doing it.
Solve the impossible. Easy = boring. If you’re looking for a fun work environment and like a challenge, you’ll love Contrast Security.

By submitting your application, you are providing Personally Identifiable Information about yourself (cover letter, resume, references, or other employment-related information) and hereby give your consent for Contrast Security, and/ or our HR-related Service Providers, to use this information for the purpose of processing, evaluating and responding to your application for current and future career opportunities. Contrast Security is an equal opportunity employer and our team is comprised of individuals from many diverse backgrounds, lifestyles and locations.