Security Researcher - Web Application Security

  • Category: Research & Development
  • Team: Security Research
  • Location: Warsaw, Poland

Description

Position at Trustwave

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. Offering a comprehensive portfolio of managed security services, consulting and professional services, and data protection technology, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

SpiderLabs is the advanced security team responsible for application security, incident response, penetration testing, physical security and security research for Trustwave's clients. In addition, SpiderLabs performs third-party security reviews and intelligence for Trustwave's products and provides security thought leadership to the entire organization. SpiderLabs has responded to hundreds of security incidents, performed thousands of penetration tests and security tested hundreds of business applications for some of the largest organizations in the world. Members of SpiderLabs are frequently asked to speak at security conferences around the world. SpiderLabs has research facilities in Chicago, Sao Paulo, London, Israel, Sydney and Auckland.

We are currently looking for a highly motivated, hands-on Web Application Security Researcher to join our SpiderLabs Web Application Security Research Team. The researcher will work on the popular open source web application firewall ModSecurity and Trustwave's proprietary Web Application Security Scanner.

The researcher will be responsible for tracking new trends in the web application security field, conducting vulnerability research on web application attacks (such as SQL Injection and Cross-site Scripting), analyzing new threats and developing defensive protections, including writing new ModSecurity rules for our commercial offering and detection signatures for our Web Application Security Scanner.

Responsibilities:

  • Research, design and implement rules for our commercial ModSecurity ruleset
  • Track trends, threats and perform research to include in ruleset
  • Active participation in the open-source community for ModSecurity
  • Research, design and implement signatures for our Web Application Scanner
  • Participate in code reviews
  • Collaborate with engineering teams to meet our objectives


Desired Requirements

  • Knowledge of HTTP protocol
  • Experience using Web Application testing tools, like Burp or SQLMap
  • Experience programming in Python or other object-oriented languages such as Java/C++
  • Experience with source control, code review and issue tracking tools like Git, JIRA, etc.
  • Highly motivated; deadline- and detail-oriented


Additional Plus Competencies

  • Knowledge/Experience with regular expressions
  • Experience in web application security and writing exploits, vulnerabilities and attack detection signatures
  • Contributions to open source projects
  • Research and Development background.
  • BSc in Computing or equivalent is preferred.
  • Experience and/or willingness to present at security conferences like DEFCON, BlackHat, etc.
  • Experience and/or willingness to write technical blog posts (see https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/)

Education:
We prefer college-educated applicants, but at minimum, high school diploma or equivalent is required for employment.

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.

To All Agencies:
Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave, and in the event a candidate submitted outside of this policy is hired, no fee or payment of any kind will be paid.
