Security Researcher - Web Application Team

  • Category: Research & Development
  • Team: Security Research
  • Location: Salcedo Village, Makati

Description

Position at Trustwave

Trustwave is a leading cybersecurity and managed security services provider that helps businesses fight cybercrime, protect data and reduce security risk. Offering a comprehensive portfolio of managed security services, security testing, consulting, technology solutions and cybersecurity education, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

Trustwave SpiderLabs is the advanced security team responsible for security research, application security, incident response and penetration testing for Trustwave's clients. In addition, Trustwave SpiderLabs performs 3rd party security reviews and intelligence for Trustwave's products and provides security thought leadership to the entire organization. Members of Trustwave SpiderLabs are frequently asked to speak at security conferences around the world.

Trustwave SpiderLabs has research facilities in Chicago, Warsaw , London, Israel, Sydney and Auckland.

We are currently looking for a talented, highly motivated Web Application Security Researcher to join our Spiderlabs Web Application Security Research Team in Manila.

The researcher will be responsible for  tracking new trends in the web application security field, conducting vulnerability research on web applications attacks (such as SQL Injection and Cross-site Scripting), analyzing new threats and developing defensive protections including writing new ModSecurity rules for our commercial offering and detection signatures for our Web Application Security Scanner. The successful candidate will also be called upon to work with commercial WAF customers during professional services engagements.  This is a rare opportunity to work in a fulfilling role as part of a small team that is breaking new ground in the application security space. Trustwave is an exciting company with excellent customer ratings and outstanding growth rates.. 

Responsibilities:

  • Research, design and implement rules for our commercial ModSecurity ruleset   
  • Research, design and implement signatures for our Web Application Scanner (DAST)
  • Participate in code reviews
  • Participate in the design and architecture of new features   

Requirements:

  • R&D background
  • Experience in web server and web application vulnerability research
  • Experience with regular expressions and writing exploit, vulnerability and attack detection signature
  • Experience with Python, JavaScript or equivalent programming languages
  • Experience in Information Security
  • Experience working in an agile/scrum environment
  • Experience with source control, code review and issue tracking tools like Git, JIRA, etc.
  • Understanging of common Web Application vulnerabilities and exploit techniques
  • Experience using Web Application testing tools, like Burp or SQLMap
  • Highly motivated; Deadline and detail oriented
  • Bilingual English, verbal and written  

Additional Plus Competencies:

  • Information security or networking experience
  • Contribute to the design of the ModSecurity open source WAF
  • Excellent analytical thinking, troubleshooting, and problem solving skills
  • Experience with DevOps/System Administration
  • BSc in Computer Science or similar is preferred
  • Excellent customer service skills
  • Self managed and team oriented

Education:

We prefer college-educated applicants, but at minimum, high school diploma or equivalent is required for employment.

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities

To All Agencies:

Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.

 

Share this opportunity

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. Offering a comprehensive portfolio of managed security services, consulting and professional services, and data protection technology, Trustwave helps businesses embrace digital transformation securely.Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries.

To All Agencies: Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.