Sr. Application Security Researcher

Contrast Security Named One of the Hottest Cybersecurity Companies in the 2024 Citizens JMP Securities LLC Cyber 66 Report Contrast recognized for its innovation in Runtime Security
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development to operations to production.
About the Position
Our Application Security Research team is hyper-focused on vulnerability and threat research affecting the world's software ecosystem to deliver world-class runtime application security products. He or she will maintain the fidelity of research and findings in our real-time security intelligence platform. This research can involve testing emerging vulnerabilities and novel research, both of which will be used to develop Contrast’s runtime capabilities further. This role will work closely with product and engineering functions to creatively solve complex problems in the world of application security. In addition to product development functions, this position will present opportunities to contribute original research for publication on company blogs, papers, and conference presentations.

Responsibilities

• Conduct basic and applied research on important and challenging problems in application security to creatively improve and innovate runtime products
• Help define and drive research projects, either on your own or in collaboration with others on the team
• Engage with Contrast’s product teams and customers to promote and seek out new research initiatives
• Support the gathering of language, library, license, and application security research
• Process emerging threats, such as evaluating externally found CVEs and risks
• Development and presentation of content associated with security research through conference speaking and/or blogging
• Provide tier-3 support for reported incidents and escalation of security findings review
• Provide mentorship and direction to the team

Qualifications

• Software background in Java and .NET (plus if you have experience with NodeJS, Python, and Ruby.)
• Able to develop purposefully vulnerable applications and exploit them
• Understand the OWASP Top 10 and SANS/CWE Top 25
• Experience with ethical hacking and vulnerability management reporting
• Knowledge of cloud hosting environments (AWS, Azure, GCP, OCI, etc.)
• You have strong communication skills
• You ask questions, let others know when you need help, and tell others what you need
• 5+ years of experience in industry application security research, pen-testing, consulting, or direct application
• You have a hacker’s curiosity blended with an engineer’s problem-solving
• Please include a link to your Github or BitBucket account and any links to some of your projects, if available

We are focused on building a diverse and inclusive workforce. If you’re excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply.

What We Offer
Salary and Other CompensationThis position's standard base pay range is $120,000 - $145,000 annually. This position is also eligible for a VCP and equity package subject to the terms of the Company’s applicable plans. When determining a candidate’s compensation, we consider several factors: geography, skill set, experience, job scope, and current market data.
BenefitsContrast Security offers the following benefits for this position, subject to applicable eligibility requirements: Medical Insurance, Dental Insurance, Vision Insurance, 401(k) Retirement Plan with Employer Match, Life Insurance, Long Term Disability Insurance, Short Term Disability Insurance, Transit, and Commuter benefits, Flexible PTO, 56 hours of Annual Sick time, Paid Parental Leave and Paid Holidays.
DisclaimerThe salary, other compensation, and benefits information are accurate as of the date of this posting. The Company reserves the right to modify this information at any time, subject to applicable law.#LI-MA007 #LI-Remote
We are changing the world of software security. Do it with us.  We believe in what we do and are passionate about helping our customers secure their business.If you’re looking for a challenge and want to enjoy where you work, you’ll love Contrast Security.
Contrast Security is committed to a diverse and inclusive workplace. We are an equal-opportunity employer, and our team is comprised of individuals from many diverse backgrounds, lifestyles, and locations. At Contrast, we strive to build diverse teams that reflect the people we want to empower through our products. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Contrast is proud to be an equal-opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.
By submitting your application, you are providing Personal Information about yourself (cover letter, resume, email address, etc.) and hereby give your consent for Contrast Security, Inc. and/or our HR-related Service Providers to use this information for the purpose of processing, evaluating and responding to your application for current and future career opportunities. If you are a resident of the European Economic Area or are applying for a position in the European Economic Area, Contrast’s Privacy Statement reflects our policies around compliance with the General Data Protection Regulation (“GDPR”) and your rights respective to GDPR as a California resident, you are entitled to certain rights under CCPA: The California Consumer Privacy Act of 2018 (“CCPA”) will go into effect on January 1, 2020. Under CCPA, businesses must be overtly transparent about the personal information they collect, use, and store on California residents. CCPA also gives employees, applicants, independent contractors, emergency contacts, and dependents (“CA Employee”) new rights to privacy.
Recruitment Agencies: Although we value the services you provide, at this time, we are only accepting resumes from agencies, headhunters, or other suppliers who have signed a formal agreement with us.