Description
Startise is looking for an Application Security Engineer who has a deep personal interest in web application security and who can help us validate vulnerability reports and perform code-reviews on PHP and Javascript based applications. This is a crucial role to secure applications used by 6 million plus users globally. Most importantly, we're looking for a full-time team member who is an excellent communicator and who can grow with the rest of the team.
Requirements:
- Proven experience as an application security engineer or similar role
- A solid understanding of WordPress and its ecosystem is required
- A solid understanding of core PHP & JS, OOP and MySQL is required
- Strong understanding of Bash Scripting, Linux system administration, network security principles and protocols is required
- A solid understanding of how browsers, the web and HTTP works
- Hands-on experience with security testing tools like BurpSuite, OWASP ZAP, or Metasploit is required
- Deep understanding of web application security concepts and common vulnerabilities (OWASP Top 10, CVSS Scoring, CVE) is required
- Effective communication skills, with the ability to convey complex security concepts to technical and non-technical team members
Would be helpful:
- Regular attendance in CTF competitions will help identify a good candidate
- Active participation in bug bounty programs, demonstrating practical skills in identifying and resolving security vulnerabilities
- Having industry certifications is a plus
- Previous vulnerability research and findings, preferably CVE IDs assigned under your name
