Application Security Engineer

Parallels International GmbH

$90K — $130K *
US-AnywhereRemote in United States
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • BSc/MS in computer science or related field
  • 3+ years of industry experience in application security
  • Demonstrable experience with web exploitation techniques and tools
  • Experience reading, writing, and debugging C++ and Python code
  • OSCP/OSWE/OSED/RET2 certification preferred
  • Significant experience in memory exploitation techniques
  • Familiarity with cloud security best practices

Responsibilities

  • Reproduce and triage incoming vulnerabilities from security automation and bug bounty programs, proposing fixes
  • Discover vulnerabilities and construct exploits for Parallels core applications
  • Assist in the CVE disclosure process
  • Provide threat models and design reviews for various teams
  • Assist in tuning static/dynamic analysis and dependency management tools

Benefits

  • Remote work flexibility
  • Opportunities for hands-on experience in exploit development and CVE discovery
  • Part of a team working on security decisions impacting millions of customers
  • Chance to collaborate with senior members of the security engineering team
Full Job Description
Application Security Engineer

Parallels is seeking a highly motivated and talented Application Security Engineer to join our team. In this role, you will make security decisions that impact millions of our customers while gaining hands-on experience in exploit development and CVE discovery. The ideal candidate will combine an attacker mindset with the humility and detail-oriented attitude required to coordinate fixes and security architecting with busy engineers.

Your primary responsibility will be to coordinate with more senior members of our team to write exploits and design fixes for existing application vulnerabilities. You will also help search for new critical/high risk vulnerabilities in our codebase. In addition, you will assist in vulnerability disclosure processes and help implement repeatable secure development practices.

As issues are uncovered, you will communicate with the appropriate technical and leadership teams to ensure a focus on risk mitigation - allowing for business continuity, but without negligent risk. Application security engineers are constantly assessing applications for weaknesses and finding resolutions before they can be abused.

What you'll do:

  • Reproduce and triage incoming vulnerabilities from security automation/bug bounty programs, then propose granular fixes to engineers
  • Discover vulnerabilities and construct exploits for core Parallels applications such as Parallels Remote Application Server
  • Assist in the CVE disclosure process
  • Provide threat models and design reviews for teams throughout the company
  • Assist in tuning existing static analysis, dynamic analysis, and dependency management tools


Desired Qualities:

  • An attacker mindset: engineers will often want proof before fixes are implemented
  • Eagerness to learn - you are not expected to know everything coming in, but you should continuously learn new techniques on the job
  • The ability to communicate clearly, acknowledge mistakes, and disagree when necessary
  • Demonstrable passion for offensive security
  • Experience reading, writing and debugging C++ and Python code
  • Basic experience with memory exploitation techniques
  • Demonstrable experience with web exploitation techniques and tools (e.g. PortSwigger lab scoreboards)
  • Excellent written and oral communication skills


Ideal Candidate Will Have:

  • BSc/MS in computer science or a related field
  • Previous CVEs in desktop applications
  • Proficiency with reverse engineering tools
  • Significant experience in memory exploitation techniques (e.g. gaining code execution from memory vulnerabilities in modern operating systems)
  • Familiarity with cloud security best practices
  • 3+ years of industry experience
  • OSCP/OSWE/OSED/RET2 certification


What are you waiting for? Apply now. We can't wait to meet you.

(FYI, we're lucky to get a lot of interest and we appreciate every application - please note we'll only reach out if you've been selected for an interview.)

#LI-Remote

Similar Jobs

More Jobs at Parallels International GmbH

More Information Technology Jobs

Find similar Application Security Engineer jobs: