
Senior Vulnerability Researcher – Cybersecurity
Posted May 30

This is a fully remote position, open to applicants in Brazil.
• Conduct security research on web applications, APIs, and intricate application workflows.
• Identify, validate, and replicate real-world vulnerabilities present in contemporary applications.
• Examine authentication, authorization, session management, and access control mechanisms.
• Convert manual penetration testing methods into automated detection and exploitation logic.
• Create and enhance payloads, exploit strategies, and methods for validating vulnerabilities.
• Investigate HTTP traffic, browser behavior, and application flows to reveal security weaknesses.
• Collaborate with engineering teams to enhance the platform’s automation and offensive security capabilities.
• Clearly document findings, including technical details, impact analysis, and steps for reproduction.
• Over 5 years of practical experience in vulnerability research, penetration testing, bug bounty programs, or offensive security.
• Strong knowledge of web application and API security.
• Thorough understanding of authentication and authorization flows; JWT, OAuth, SSO, sessions, and cookies; access control vulnerabilities and privilege escalation.
• Proven track record of identifying vulnerabilities (IDOR/BOLA, business logic flaws, authentication bypasses, privilege escalation vulnerabilities).
• Experience with offensive security tools (Burp Suite, Postman, curl, Browser DevTools).
• Capability to analyze and manipulate HTTP requests/responses and application behavior.
• Scripting experience in Python or JavaScript.
• Experience in transforming manual pentesting workflows into automated testing logic.
• Excellent communication and documentation skills.
• Conversational proficiency in English.
• Must reside in Latin America.
Nice to have:
• Strong Python development skills.
• Experience with browser automation tools (Playwright, Selenium, Puppeteer).
• Familiarity with GraphQL, gRPC, WebSockets, and mobile APIs.
• Exposure to cloud security environments.
• Understanding of AI-driven security or automated exploitation workflows.
• Familiarity with tools such as Nuclei or custom vulnerability scanners.
• 100% Remote Work: Enjoy the flexibility to work from wherever you thrive, needing only a laptop and a reliable internet connection.
• Highly Competitive USD Pay: Receive an excellent, market-leading salary in USD that surpasses typical market standards.
• Paid Time Off: We prioritize your well-being. Our paid time off policies allow you to relax and rejuvenate as needed.
• Work with Autonomy: Experience the freedom to manage your schedule as long as the work is completed. Focus on outcomes, not hours.
• Collaborate with Top American Companies: Enhance your skills while working on innovative, high-impact projects with leading U.S. companies.