Application Security Engineer

Parallels International GmbH

$90K — $130K *
US-AnywhereRemote in Canada
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • BSc/MS in computer science or related field
  • 3+ years of industry experience
  • Experience reading, writing, and debugging C++ and Python code
  • Demonstrable experience with web exploitation techniques and tools
  • Proficiency with reverse engineering tools
  • OSCP/OSWE/OSED/RET2 certification

Responsibilities

  • Reproduce and triage incoming vulnerabilities from security automation/bug bounty programs
  • Discover vulnerabilities and construct exploits for core Parallels applications
  • Assist in the CVE disclosure process
  • Provide threat models and design reviews for teams throughout the company
  • Assist in tuning existing static and dynamic analysis tools

Benefits

  • Work with a talented team on impactful security projects
  • Opportunity for hands-on experience in exploit development and CVE discovery
  • Remote work flexibility
  • Strong focus on continuous learning
  • Engagement in real-world security challenges that affect millions of users
Full Job Description
Application Security Engineer

Parallels is seeking a highly motivated and talented Application Security Engineer to join our team. In this role, you will make security decisions that impact millions of our customers while gaining hands-on experience in exploit development and CVE discovery. The ideal candidate will combine an attacker mindset with the humility and detail-oriented attitude required to coordinate fixes and security architecting with busy engineers.

Your primary responsibility will be to coordinate with more senior members of our team to write exploits and design fixes for existing application vulnerabilities. You will also help search for new critical/high risk vulnerabilities in our codebase. In addition, you will assist in vulnerability disclosure processes and help implement repeatable secure development practices.

As issues are uncovered, you will communicate with the appropriate technical and leadership teams to ensure a focus on risk mitigation - allowing for business continuity, but without negligent risk. Application security engineers are constantly assessing applications for weaknesses and finding resolutions before they can be abused.

What you'll do:

  • Reproduce and triage incoming vulnerabilities from security automation/bug bounty programs, then propose granular fixes to engineers
  • Discover vulnerabilities and construct exploits for core Parallels applications such as Parallels Remote Application Server
  • Assist in the CVE disclosure process
  • Provide threat models and design reviews for teams throughout the company
  • Assist in tuning existing static analysis, dynamic analysis, and dependency management tools


Desired Qualities:

  • An attacker mindset: engineers will often want proof before fixes are implemented
  • Eagerness to learn - you are not expected to know everything coming in, but you should continuously learn new techniques on the job
  • The ability to communicate clearly, acknowledge mistakes, and disagree when necessary
  • Demonstrable passion for offensive security
  • Experience reading, writing and debugging C++ and Python code
  • Basic experience with memory exploitation techniques
  • Demonstrable experience with web exploitation techniques and tools (e.g. PortSwigger lab scoreboards)
  • Excellent written and oral communication skills


Ideal Candidate Will Have:

  • BSc/MS in computer science or a related field
  • Previous CVEs in desktop applications
  • Proficiency with reverse engineering tools
  • Significant experience in memory exploitation techniques (e.g. gaining code execution from memory vulnerabilities in modern operating systems)
  • Familiarity with cloud security best practices
  • 3+ years of industry experience
  • OSCP/OSWE/OSED/RET2 certification


What are you waiting for? Apply now. We can't wait to meet you.

(FYI, we're lucky to get a lot of interest and we appreciate every application - please note we'll only reach out if you've been selected for an interview.)

#LI-Remote

Similar Jobs

More Jobs at Parallels International GmbH

More Information Technology Jobs

Find similar Application Security Engineer jobs: