
Senior Vulnerability Researcher – Cybersecurity
Posted May 20

This is a fully remote position, open to applicants in Argentina.
• Conduct security research on web applications, APIs, and intricate application workflows.
• Detect, verify, and replicate real-world vulnerabilities in contemporary applications.
• Evaluate authentication, authorization, session management, and access control mechanisms.
• Convert manual penetration testing methodologies into automated detection and exploitation frameworks.
• Create and enhance payloads, exploitation strategies, and methods for validating vulnerabilities.
• Examine HTTP traffic, browser behavior, and application processes to identify security flaws.
• Collaborate with engineering teams to enhance the platform’s automation and offensive security functionalities.
• Clearly document findings, including technical specifics, impact assessments, and reproduction steps.
• Over 5 years of practical experience in vulnerability research, penetration testing, bug bounty initiatives, or offensive security.
• In-depth knowledge of web application and API security.
• Comprehensive understanding of authentication and authorization processes (including JWT, OAuth, SSO, sessions, and cookies), as well as access control vulnerabilities and privilege escalation.
• Demonstrated experience in identifying vulnerabilities such as IDOR / BOLA, business logic flaws, authentication bypasses, and privilege escalation vulnerabilities.
• Proficient in using offensive security tools like Burp Suite, Postman, curl, and Browser DevTools.
• Capability to analyze and manipulate HTTP requests/responses and application behaviors.
• Experience in scripting with Python or JavaScript.
• Background in transforming manual pentesting workflows into automated testing logic.
• Excellent communication and documentation abilities.
• Conversational proficiency in English.
• Must reside in Latin America.
Nice to have:
• Strong Python development skills.
• Experience with browser automation tools such as Playwright, Selenium, or Puppeteer.
• Familiarity with GraphQL, gRPC, WebSockets, and mobile APIs.
• Exposure to cloud security environments.
• Knowledge of AI-driven security or automated exploitation processes.
• Familiarity with tools like Nuclei or custom vulnerability scanners.
• 100% Remote Work: Enjoy the flexibility to work from the location that suits you best. All you need is a laptop and a reliable internet connection.
• Highly Competitive USD Pay: Receive an attractive, market-leading salary in USD that surpasses typical offerings.
• Paid Time Off: We prioritize your well-being. Our paid time off policies provide you with the opportunity to relax and recharge when necessary.
• Work with Autonomy: Enjoy the liberty to manage your time as long as you meet your work commitments. Focus on outcomes rather than the hours clocked in.
• Collaborate with Leading American Companies: Enhance your skills while working on innovative, high-impact projects with industry-leading U.S. companies.