Application Security EngineerParallels is seeking a highly motivated and talented
Application Security Engineer to join our team. In this role, you will make security decisions that impact millions of our customers while gaining hands-on experience in exploit development and CVE discovery. The ideal candidate will combine an attacker mindset with the humility and detail-oriented attitude required to coordinate fixes and security architecting with busy engineers.
Your primary responsibility will be to coordinate with more senior members of our team to write exploits and design fixes for existing application vulnerabilities. You will also help search for new critical/high risk vulnerabilities in our codebase. In addition, you will assist in vulnerability disclosure processes and help implement repeatable secure development practices.
As issues are uncovered, you will communicate with the appropriate technical and leadership teams to ensure a focus on risk mitigation - allowing for business continuity, but without negligent risk. Application security engineers are constantly assessing applications for weaknesses and finding resolutions before they can be abused.
What you'll do:- Reproduce and triage incoming vulnerabilities from security automation/bug bounty programs, then propose granular fixes to engineers
- Discover vulnerabilities and construct exploits for core Parallels applications such as Parallels Remote Application Server
- Assist in the CVE disclosure process
- Provide threat models and design reviews for teams throughout the company
- Assist in tuning existing static analysis, dynamic analysis, and dependency management tools
Desired Qualities:- An attacker mindset: engineers will often want proof before fixes are implemented
- Eagerness to learn - you are not expected to know everything coming in, but you should continuously learn new techniques on the job
- The ability to communicate clearly, acknowledge mistakes, and disagree when necessary
- Demonstrable passion for offensive security
- Experience reading, writing and debugging C++ and Python code
- Basic experience with memory exploitation techniques
- Demonstrable experience with web exploitation techniques and tools (e.g. PortSwigger lab scoreboards)
- Excellent written and oral communication skills
Ideal Candidate Will Have:- BSc/MS in computer science or a related field
- Previous CVEs in desktop applications
- Proficiency with reverse engineering tools
- Significant experience in memory exploitation techniques (e.g. gaining code execution from memory vulnerabilities in modern operating systems)
- Familiarity with cloud security best practices
- 3+ years of industry experience
- OSCP/OSWE/OSED/RET2 certification
What are you waiting for? Apply now. We can't wait to meet you.(FYI, we're lucky to get a lot of interest and we appreciate every application - please note we'll only reach out if you've been selected for an interview.)
#LI-Remote