Cyber Security Expert - 4+ YOE

About the role

We are looking for a seasoned Cyber Security Expert to strengthen our application security posture. The role involves hands‑on vulnerability discovery, secure code review, and the development of robust mitigation strategies for complex security issues.

Key responsibilities

• Identify and research vulnerabilities through CVE analysis, bug bounty programs, red‑team exercises, and capture‑the‑flag events.
• Conduct secure code reviews and produce production‑grade patches for identified issues.
• Assess and remediate web‑security flaws such as OAuth misconfigurations, JWT weaknesses, SSRF, injection attacks, and access‑control problems.
• Analyze cryptographic weaknesses including timing attacks, padding oracles, and misuse patterns.
• Investigate filesystem vulnerabilities like TOCTOU, symlink attacks, and path traversal.
• Utilize SAST, Fuzzing, and IAST tools to automate detection and validation.
• Write and maintain security tooling in at least two of the following languages: Go, Python, Node.js, Rust.
• Work with Docker containers, Linux internals, and automated testing pipelines to ensure secure deployments.

Required profile

• Minimum 4 years of professional experience in cybersecurity, application security, or vulnerability research.
• Strong analytical skills with the ability to dissect obfuscated or minified code.
• Proficiency in Linux environments and containerization technologies.

Required skills

• CVE exposure
• Bug bounty participation
• Red teaming
• CTFs
• Secure code review
• Production‑grade patching
• OAuth
• JWT
• Authentication and session management
• SSRF
• Injection attacks
• Access‑control vulnerabilities
• Timing attacks
• Padding oracles
• Cryptographic misuse patterns
• TOCTOU
• Symlink attacks
• Path traversal
• SAST
• Fuzzing
• IAST
• Go
• Python
• Node.js
• Rust
• Docker
• Linux internals
• Automated testing
• Obfuscated code analysis