Application Security Researcher

Threat Research Center Remote, US, United States



WhiteHat Security is looking for experienced application security professionals to join the research and development team within the WhiteHat Security Threat Research and Operations Center. As a WhiteHat Application Security Researcher, you will:

  • Discover, develop, and define new testing techniques through a multi-disciplinary investigative approach to new technologies, architectures, emerging threats, and standards.
  • Collaborate with WhiteHat’s Application Security Engineers to release new testing capability to our customers by providing detailed specifications, target environments, and sample code.
  • Participate in the definition of WhiteHat standards, policy, and processes by contributing subject matter expertise across a range of technologies, security disciplines, development practices, and operations paradigms.
  • Communicate the results of your research internally and externally via blog posts, white papers, speaking at industry conferences, etc.
  • Recommend improvements to core analysis capabilities and participate in the development of proof-of-concept innovations of next-generation analysis methodologies.


  • Bachelor’s Degree in computer science, an information security-related field, or equivalent experience.
  • Minimum of three years of application security testing experience.
  • Minimum of two years of application development experience.
  • Demonstrable mastery of
    • Vulnerability discovery and exploitation.
    • Fundamental application security technologies including: DAST, SAST, MAST, IAST, RASP, SCA
    • Vulnerability taxonomies and industry standards such as: OWASP, CWE, PCI, NIST
    • JavaScript and JavaScript Accessories 


  • Proficient in multiple programming languages such as Java, C#, PHP, Python, Ruby, Golang, etc.
  • Expertise in containerization, virtualization, and cloud native technologies across multiple platforms: AWS, Azure, GCP, etc.
  • Experience with design, architecture, and deployment of sandbox and testing environments.
  • Examples of communicating research results to technical and non-technical audiences.
  • Thought leadership and practice in the integration of DevOps and security.
  • Relevant certifications a plus: CASS, CSSLP, CCSP, CAP, CEH, OSCP, OSWE, etc.

WhiteHat Security is an E-Verify employer and is proud to provide equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics.