Overall Job Purpose
Majorel is seeking discerning individuals to analyze and reproduce vulnerability reports submitted to the public bug bounty program. The individual has to be proficient in webapp vulnerabilities: testing, exploitation, tooling, and remediation.
You’re focused on proactively identifying and surfacing abusive tactics, processes, and product features that contribute to system vulnerabilities, poor user experiences, and/or risk for the company. You will verify vulnerability reports, simulate abuse attacks, analyze and identify root causes, and be a cross-product advocate for change. You will support one of the largest bug bounty/vulnerability rewards programs in the world. You’ll bring advanced technical skills, an analytic and curious mind, excellent communication, and a positive attitude to every task. You’ll teach others - both internally and externally.
Duties and Responsibilities
- Contribute by evaluating vulnerability reports from external researchers to identify risks to products and users.
- Collaborate with cross-functional groups such as Information Security Engineering, Product Teams, Trust & Safety, Privacy Working Groups, and Legal to address, understand, and mitigate potential threats.
- Translate product vulnerabilities into realistic and understandable user, product, and company risks and communicate that risk to various audiences.
- Escalate and log the relevant findings using internal tools.
Required Qualifications & Experience
Mandatory
- The ideal candidate will have a degree in one of the following: computer science or engineering, IT systems, information/cyber security, or have equivalent work experience.
- Two years of professional experience in an application security or vulnerability/penetration testing role.
- Professional experience using Burp Suite (or other web security auditing proxy).
- Programming fluency in at least one of the following: Python, Ruby, C/C++, Java, or Go.
Preferred
- Two years of professional experience on technical red teams and/or bug bounty programs.
- Track record of high-quality security and abuse research on various platforms.
- Previous experience with CTFs and hackathons.
- Experience with code review.
Soft Skills
- Excellent communication and presentation skills and the ability to work effectively with remote teams.
- Ability to meet deadlines with competing priorities.
- Interest in information security, a passion for learning, and staying up to date on the latest infosec news.
- Strong work ethic and ability to work with limited supervision.
Language:
- Full working proficiency in English.
Competencies
- Research Oriented
- Solutions Oriented
- Burp Suite
- Common web application vulnerabilities: XSS, CSRF, SQLi, IDOR, Auth bypass vulnerabilities.
- Common web application systems: JWT, OAuth, CSP, SOP.
What we offer
- Training and upskilling processes
- Vibrant, multi-cultural environment
- Career & Personal Development
- Quarterly performance bonus
- Subsidized Life Insurance
- Private medical care package
- Cafeteria program with wide range of employee benefits (including Multisport)
- Internal Team and Wellness Activities
- Work in a modern office environment with access to free snacks and drinks