Source Job

As an Application Security Engineer (ASE) you will curate and manage the incoming security vulnerability submissions to some of the world’s biggest companies’ bug bounty programs.You will be exposed to the Internet’s best security researchers and their cutting-edge security testing methodologies. ASEs need to have strong knowledge of OWASP Top Ten type vulnerabilities.

Bugcrowd empowers organizations to take back control and stay ahead of threat actors with their Security Knowledge Platform™.

• Collaborate with other teams to understand and articulate Cyber Risks in a threat-informed manner.
• Participate in performing physical exploitation, network exploitation and social engineering assessments against authorized targets.
• Develop scripts, tools and methodologies to increase Offensive Security's capabilities and educate other team members around automation and AI.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. As a FTSE 100 Index company listed on the London Stock Exchange, they have a team of 22,500 people across 32 countries, with corporate headquarters in Dublin, Ireland.

Join our team as a Senior Security Researcher to update and create new methodologies by performing research. Create and shape cutting-edge security service offerings, complete with methodologies and checklists that redefine industry standards. Immerse yourself in security research, uncovering emerging threats, vulnerabilities, and exploits before they make headlines.

Cobalt helps organizations of all sizes with seamless, effective and collaborative Offensive Security Testing that empower organizations to OPERATE FEARLESSLY.

This role will lead offensive security capabilities and vulnerability operations. You will direct and manage hardware, software, cloud, network and corporate system red team operations. You will manage vulnerabilities across the company.

Flock Safety is the leading safety technology platform, helping communities thrive by taking a proactive approach to crime prevention and security.

• Develop, deploy, and optimize bot-mitigation and service-abuse controls.
• Develop and maintain automated detection capabilities leveraging IP/ASN intelligence.
• Lead bot-related incident response activities, including triage, containment, and root-cause analysis.

Best Egg is a market-leading, tech-enabled financial platform helping people build financial confidence through a variety of installment lending solutions and financial health tools. They offer top-tier benefits and growth opportunities in a culture built on their core values and foster an inclusive, flexible, and fun workplace.

• Design and drive a security research program focused on identifying emerging threats and innovative defensive techniques.
• Drive original research into product, application, and ecosystem-level vulnerabilities, publishing findings responsibly.
• Partner with Product, Marketing, Engineering, and other teams by providing technical insights and evidence-based recommendations.

1Password is a cybersecurity company building the foundation for a safe, productive digital future. They have over 180,000 businesses trusting their products and boast a culture that prioritizes collaboration, transparent communication, and receptiveness to feedback.

• Assist in designing and maintaining secure infrastructure in cloud and on-premises environments.
• Lead incident response activities, managing the lifecycle from detection to recovery.
• Support detection engineering and refine detection rules for cloud, endpoint, and network environments.

Jobgether is a platform that connects job seekers with potential employers. They use AI-powered matching to ensure applications are reviewed quickly and fairly, then share the shortlist with the hiring company.

• Reproduce, assess, and document vulnerabilities, perform variant hunting, and contribute to exploitability research on security issues reported in GitLab’s products and services.
• Support and consult with product and development teams on effective vulnerability remediation and mitigation. Independently validate vulnerability fixes prior to release.
• Contribute to clear and actionable documentation that explains vulnerability impact, risk, and remediation guidance for technical and non-technical audiences, helping to scale PSIRT knowledge and practices across GitLab.

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Their high-performance culture is driven by their values and continuous knowledge exchange, enabling their team members to reach their full potential while collaborating with industry leaders to solve complex problems.

• Analyse incoming threat signals to produce actionable intelligence products.
• Maintain intelligence infrastructure and automation workflows.
• Conduct independent research on emerging threats and maintain a library of adversaries.

Canva is a design platform that enables users to create a variety of visual content. They have offices in Sydney and Melbourne, as well as co-working spaces in other Australian cities, and they values a flexible work environment.

• Research, track, and assess the threat landscape by analyzing relevant threat actors and campaigns.
• Analyze and prioritize information to develop actionable intelligence for detection coverage and response readiness.
• Partner with Detection Engineering to design and validate threat-based detections through adversary emulation and simulation.

1Password is building the foundation for a safe, productive digital future. They provide password management and access management solutions for businesses. They have surpassed $400M in ARR and have over 180,000 businesses as clients and have a culture that prioritizes collaboration and clear communication.

• Lead the design, develop, and implementation of incident response playbooks.
• Be part of a weekly on-call rotation and support in detection engineering.
• Identify areas for security improvement and translate that into workable solutions.

Ping Identity's cloud identity platform enables secure and seamless digital experiences. They are headquartered in Denver, Colorado, with offices and employees around the globe, serving large enterprises.

• Lead the design and implementation of secure architectures for Built’s applications, services, and AI/ML initiatives.
• Embed security throughout the development lifecycle by partnering with engineering teams on threat modeling, secure coding best practices, and design reviews.
• Perform internal penetration testing of applications, networks, and features to uncover weaknesses before attackers do.

Built is an AI-powered platform transforming how real estate is financed, developed, and managed. They started by fixing construction draw management for lenders and have grown into a comprehensive operating system. Built brings together passionate people who are driven in a variety of disciplines, each bringing their unique perspective to everything they do.

• Review DeFi strategies, protocol designs, and smart contracts for security risks and failure modes.
• Provide secure design input for new features and applications.
• Partner with the security team to advance application security initiatives.

FalconX is revolutionizing institutional access to the crypto markets by operating at the intersection of traditional finance and cutting-edge technology. They address the industry's foremost challenges, empowering clients with seamless navigation through the ever-evolving cryptocurrency landscape.

• Design and drive security solutions across product and internal applications
• Conduct threat modeling for existing systems and new product initiatives
• Partner with engineering teams to embed security into development and delivery workflows

Shakepay is reimagining financial services to give every Canadian their fair shake by making buying and earning bitcoin fast, easy, and secure. Since 2015, more than one million Canadians use Shakepay to grow their bitcoin savings; they are regulated across all Canadian provinces and territories, and backed by renowned venture capitalists with a funding of $44M.