Senior Security Researcher

Description

The browser has become the main productivity tool for employees due to driving trends like working remotely, BYOD, and web-based SaaS applications. 

At Seraphic, we are revolutionizing browser security. Our patent-pending technology offers unmatched protection against zero-day attacks, phishing, and malicious downloads. By operating at the core of the browser, we provide comprehensive visibility and control, preventing data loss and leakage. 

Why Seraphic? 

• Cutting-Edge Protection: Full defense against all browser threats 
• Seamless Access: Browse internal sites and private applications directly from your browser without a VPN or a remote desktop 
• Innovative Environment: Be part of a team leading the cybersecurity frontier shaping the modern solutions impacting billions of users 
• Challenging Technologies: Engage with a rich SaaS app, high-scale backend processing millions of requests, and a core networking solution, all with the highest level of security 
• Innovation and Leadership: Leverage our patented technology and leadership recognition, such as Frost & Sullivan's 2024 Enabling Technology Leadership Award for Global Zero Trust Browser Security 
• Collaboration and Team: Work with industry experts in a collaborative environment to solve complex problems 

This is an exciting opportunity to join a fast-growing start-up company, consisting of talented team players, with the best-of-breed solution revolutionizing browser security. 

Join us in shaping the future of secure browsing! 

We are seeking a talented and passionate Senior Security Researcher to join our team. In this role, you will explore vulnerabilities, analyze emerging threats, and develop innovative solutions to secure web technologies. As a key contributor, you’ll collaborate with a team of experts to ensure Seraphic remains at the forefront of browser and endpoint security. 

This role is pivotal in driving Seraphic’s innovation, leveraging deep security expertise and data-driven insights to continually evolve our cutting-edge solutions and safeguard our customers in an ever-changing threat landscape. 

What you'll do: 

• Threat Research: Identify and analyze emerging security threats, vulnerabilities, and attack techniques in web browsers and related technologies 
• Exploit Development: Simulate real-world attacks to evaluate and improve the resilience of our solutions 
• Vulnerability Discovery: Conduct in-depth research to uncover vulnerabilities in web technologies, browser extensions, and web applications 
• Improve and Develop Security Modules: Analyze data collected from our platform to extract actionable insights that enhance existing security modules or propose innovative algorithms to provide superior protection for our customers. 
• Collaboration: Work closely with the engineering and product teams to integrate findings into Seraphic's solutions and enhance product security 
• Publishing: Write technical reports, advisories, and white papers to share findings internally and externally when appropriate 
• Tool Development: Develop tools, scripts, or frameworks to automate threat analysis or identify vulnerabilities 
• Staying Current: Monitor industry trends, participate in security conferences, and contribute to the security community 

Requirements

What you’ll bring with you: 

• 5+ years in security research, vulnerability analysis, or a related field 
• Researching or securing web technologies, browser extensions and plugins 
• Discovering vulnerabilities leading to CVEs 
• Deep understanding of web technologies, browser internals, and JavaScript 
• Proficiency in reverse engineering and debugging tools 
• Familiarity with exploit development and mitigation techniques (ASLR, DEP, etc.) 
• Experience with modern web application architectures and frameworks 
• Understanding of network security and common protocols (HTTP, HTTPS, etc.) 
• Web technologies, malware analysis 
• Skilled in scripting languages like Python, JavaScript, or Bash 
• Experience with tools such as Burp Suite, IDA Pro, Ghidra, or similar 
• Strong analytical and problem-solving skills 
• Excellent communication skills, both written and verbal 

Nice to have but not a must: 

• Certifications: OSCP, OSWE, or similar certifications in web and application security 
• Community Engagement: active participation in bug bounty programs, security forums, or contributions to open-source security tools