Threat Researcher

Remote /
Research /
Full-time
About Ghost:
At Ghost, we are building a cloud scale security platform for the modern enterprise. Our founding team are veterans of the cyber security industry with decades of experience building teams and products for the most demanding commercial and public sector organizations. Ghost is backed by top tier venture firms and is on a mission to raise the bar of what is possible and what is expected of modern enterprise security tools and platforms. We are a remote-first and globally distributed team. Our philosophy is based on the principles of learning, collaboration, transparency, experimentation, and passion.

•  We are outcome-driven and dedicated
•  We are customer-obsessed
•  We believe in people's ability to grow
•  We believe enterprise software can be beautiful

About the Role:
We are looking for Threat Researchers to help us research and discover modern threats to web applications and APIs. As a Threat Researcher at Ghost, your work will lead to improved threat detection and defense capabilities for Ghost customers. You'll working closely with our platform engineers to implement powerful capabilities that protect Ghost customers from modern threat actors. If you have a solid background in web application pen testing, threat research, or web based exploit development, we want to meet you.

Ghost is growing fast and the research team is no exception. The role is fully engaged - you will be writing code, testing exploit scenarios, and validating detection and defensive measures. You'll need to be comfortable collaborating closely with other members of the research team, engineers, and product managers to deliver an exceptional security platform for our customers.

About You:

    • Experienced at rapidly prototyping web app, API, and distributed system exploits proof-of-concepts in code (Python or Go preferred)
    • Experienced at self-directed, precisely scoped threat research
    • Comfortable working in an asynchronous, distributed team environment with team members in different time zones
    • Have demonstrable work product hosted online (e.g. code repos, projects, reports, articles, or documentation)
    • Have experience participating in commercial bug bounty programs
    • Have experience creating or participating in capture-the-flag style simulation environments
    • Have excellent verbal and written communication skills (English)

Benefits:
•  Competitive compensation and stock options
•  Full health insurance, including vision and dental
•  Monthly health & wellness allowance for gym, spa, therapy, etc.
•  Remote first working, with most team members between the Eastern and Pacific time zones
•  Home office upgrade budget to be sure you have the right tools to do your best work
•  Learn and Grow - we provide continuing education stipend to attend industry relevant training, conferences, and events that help you build your network and skills
•  Unlimited PTO - we require employees to take at least 2 weeks off per year
•  Quarterly off-sites at amazing locations

Ghost is committed to fostering and supporting an inclusive community within our organization. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Ghost encourages everyone to apply for our available positions, even if they don't necessarily check every box on the job description.