
  • Published: March 3, 2022
Job Type
Level of education
Spoken Language needed
Level of Hebrew
Location of job: Tel Aviv / Ramat Gan
How many relevant years experience do you require for the role: 3 years


WhiteSource is a successful, rapidly growing start-up offering a unique cloud-based solution for open-source management and security. We receive millions of customer source code programs from all over the world and analyze them automatically on a daily basis.

We are seeking a brilliant and independent Security Researcher to join our team.

This position is a one-of-a-kind opportunity to join a unique team responsible for creating the next generation of security remediation. You will make a remarkable impact on WhiteSource and on the entire security application industry.

We are looking for security application enthusiasts. If you are up for the challenge, come and join us!

Our team is responsible for 3rd party security vulnerability remediation. We are expanding our portfolio of products by starting development of a new, state-of-the-art, cloud-based solution in the field of application security via static application security testing (SAST). (If you are not familiar with what SAST means, it's fine!)


- Research and discover Zero-Days in popular applications and conduct POCs if necessary
- Analyze application vulnerabilities and verify their characteristics and associated components
- Research and design scanning rules while working closely with a development team for SAST
- Analyze different programming frameworks in different programming languages for potential sources and sinks for SAST
- Handle complex cases escalated from other teams
- Cooperate with vendors in the community to uncover and fix flaws in software projects


- At least 3 years of experience in security research, including the understanding of application security attacks, vulnerabilities, and mitigations - Must!
- Understanding of at least 2-3 of the following programming languages: Java, C#, Go, JS, Python, PHP, Ruby, etc. - Must!
- Language agnostic approach to vulnerability identification in the source code (ability to read multiple programming languages source code and identify vulnerable parts)
- Knowledge of common Web Application security vulnerabilities (OWASP Top 10, SANS 25, etc.)
- Experience with static code analysis (fuzzing tools are a plus).
- Excellent English – written and verbal.
- Independence and can-do attitude, ambitious with high work ethic.
- Excellent interpersonal and communication skills.


- BSc or BA in Computer Science or a similar degree, or alumni of an IDF technology unit
- Experience working with development teams
- Experience with bug bounty research or published advisories or exploits for discovered 0day vulnerabilities in applications
