Penetration Testing Researcher

Company Description

About CyberArk:
CyberArk (NASDAQ: CYBR), is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit our CyberArk blogs or follow us on X, LinkedIn or Facebook.

Job Description

Responsibilities:

• Collaborate with engineering teams on architecting, implementing technologies, processes, and improvements around product security by performing threat models, penetrations tests, and sharing security expertise.
• Develop security testing plans to identify misconfigurations, vulnerabilities, and visibility shortfalls.
• Assist, mentor, and educate about internal secure development methodologies and CyberArk  "Security Champions" program.

Critical skills:

• 4+ years of experience working in the software development industry as a test engineer or an engineer with responsibilities relating to security.
• Background in Whitebox penetration testing.
• Bachelor’s degree in Computer Science, Computer Information Systems, Software Engineering, or Mathematics or a related field, or its equivalent.
• Programming experience in one or more languages (Java, JavaScript, Python, Shell/BASH, C/C, C#).

#LI-HK01

Qualifications

Desirable skills:

• OSCP certification a huge plus.
• Experience with web application scanning tools (e.g. Static / Dynamic, Interactive, etc.) including Qualys WAS, Appspider, Acutenitx, Veracode, Burp Suite, Netsparker, OWASP Zap, Checkmarx, Whitesource, Snyk or similar.
• Past development expertise or operational or consultative experience supporting application security teams.
• Threat modeling experience.
• Experience using source code management tools such as Perforce, GIT or equivalent.
• Strong debugging skills and experience performing security code reviews.
• Experience with Active Directory and/or LDAP.
• Understanding of PKI, Certificate security, encryption, HTTPS.
• Strong written and oral communication and collaboration skills, ability to collaborate effectively in team, across team and with management and other disciplines.
• Experience working with product management, engineering and ops to help them buy into a potentially disruptive, but important, security update/change.
• Demonstrated security research activities (e.g. participation in bug bounties or credit for reporting CVEs).