Penetration Research Engineer
We are looking for outstanding security researcher focused on internal offensive research across
different cloud-application projects with our team in Huawei Moscow Research Center. Do you have experience with identifying application attacks,
developing PoC, and tools for automation in application vulnerability research?
What you’ll be doing?
- Making sure application cloud-native stack and implementation are secured. This
includes:- Discover, develop, and define new testing techniques through a multi-disciplinary
investigative approach to new technologies, architectures, emerging threats, and
standards. - White/Black-box Application assessment;
- Collaborate with Huawei’s Application Security Engineers to release new testing
capability to our customers by providing detailed specifications, target
environments, and sample code. - Automate your security testing activities.
- Discover, develop, and define new testing techniques through a multi-disciplinary
- Coordinate with internal colleagues to follow up on vulnerability remediation.
- Leading the identification of advanced security systems and controls to ensure the
monitoring and configuring of security appliances. - Researches and assesses new threats and security alerts and recommends remedial action.
- Act as a source of direction, training, and guidance for Huawei’s staff across globally
distributed business unit
What we expect from you?
- BA in Computer Science, Information Security or similar relevant field
- 5+ years of experience in information security.
- 3+ years of penetration testing / security research / Application Security experience
- Fundamental application security technologies including: DAST, SAST, MAST, IAST,
RASP, SCA. - Experience conducting infrastructure penetration tests, maintain web application testing
tools, performing manual testing and source code review using tools, validating test
results, identifying root cause, analyzing vulnerabilities and helping develop platform
specific remediation plans. - Proficient in multiple programming languages such as Java, C#, PHP, Python, Ruby,
Golang etc. - Proficient in cloud-native technologies such as Kubernetes, Docker etc
- Preferable certifications: OSCP, OSCE, OSWE
- The Achievements would be a plus: CTF and Bug Bounty participation, public
acknowledgments for responsible Vulnerability Disclosure
The company offers excellent compensation (above market rate) for good candidates and the
opportunity to grow with top-talented security experts. Office is in Moscow city center (m. Smolenskaya).
Contacts: @YuliaNovikova