Binary.com Cyberjaya, Selangor, Malaysia
Jan 07, 2019
Permanent
Binary.com is seeking a driven and analytical Security Researcher to perform penetration testing on our web applications, identify potential security issues, and assist our developers in patching security bugs. You will also manage our bug bounty programme, which includes analysing and validating external security reports.

Your skills and motivations

You are a naturally curious and perceptive individual who can look at problems from multiple angles. You can put yourself in the shoes of a potential hacker in order to identify and predict security flaws in our systems. You always persevere with a task to the end, even if there’s insufficient information to help you along.

You are the type of person who thrives in a dynamic and challenging work environment. You approach even the smallest task with an open mind. Most importantly, you value the importance of constant, open, and honest communication.

If you know what we can do to improve, we’re always open to your feedback. We always judge your suggestions based on merit, and not personal bias.

We are looking for someone who loves to:

- Keep up with the latest news and trends in security research
- Do great work, and inspire people around them to do the same
- Work with highly talented people in an exciting, multinational environment
- Get things done in a no-nonsense manner
- Work without bureaucracy and hierarchy
- Analyse and optimise processes to handle unexpected situations more efficiently
- Be extremely hands-on, and also have a say in the company’s big picture strategy
- Have the latest tools and technologies at their disposal
- Learn and improve, day in and day out

To excel in this role, you must have:

- Experience with web application security and testing, security monitoring, and intrusion detection
- Experience with fuzzing and finding edge cases in validation
- Understanding of encryption fundamentals and the OWASP Top 10
- A good understanding of attacks and mitigations such as timing, injection (e.g. form parameter/SQL), side-channel, DoS, buffer overflows and DNS cache poisoning
- The ability to assess the security impact of bugs and API inconsistencies
- Familiarity with industry-standard tools such as Burp Suite and Metasploit
- Experience in writing custom code and scripts to investigate security threats
- A clear understanding of the OSI model, TCP/IP, and other industry-standard network defense concepts
- Knowledge of the latest industry trends and best practices in information security
- Extensive experience in bug bounty programmes such as HackerOne, Bugcrowd, and Cobalt

OSCP, CEH, Security+, CISSP, or any GIAC certification is an advantage.

Your Role

Binary.com’s IT team is responsible for the design, development, and operation of our high-traffic web applications. As our Security Researcher, we expect you to stay informed about the latest security bulletins and findings, and actively monitor our software development pipeline to find and raise potential security issues.

As a strong proponent of open source, we encourage publication of findings, methods, and tools via GitHub and our technical blog at https://tech.binary.com/.

You will also assist our developers in understanding and patching the bugs that you find. You will also encourage security awareness throughout the organisation via regular communication on security best practices and the latest online threats.

You will:

- Check our systems against the latest attacks, vulnerabilities, and mitigations
- Identify attack vectors
- Conduct security reviews of production infrastructure
- Build security tools and processes for critical infrastructure monitoring, protection, and mitigation
- Perform regular pentesting of our web applications
- Monitor our automated security scripts and utilise them to identify threats
- Manage our bug bounty programme

Remuneration and benefits

You will enjoy a market-based salary; annual performance bonus; health benefits; a casual dress code; and travel and Internet allowances.

If you need to relocate, we will provide work permits and relocation assistance for you and your family.