R0 CREW

Penetration Research Engineer (Expert)

Penetration Research Engineer

We are looking for outstanding security researcher focused on internal offensive research across
different cloud-application projects with our team in Huawei Moscow Research Center. Do you have experience with identifying application attacks,
developing PoC, and tools for automation in application vulnerability research?

What you’ll be doing?

  • Making sure application cloud-native stack and implementation are secured. This
    includes:
    • Discover, develop, and define new testing techniques through a multi-disciplinary
      investigative approach to new technologies, architectures, emerging threats, and
      standards.
    • White/Black-box Application assessment;
    • Collaborate with Huawei’s Application Security Engineers to release new testing
      capability to our customers by providing detailed specifications, target
      environments, and sample code.
    • Automate your security testing activities.
  • Coordinate with internal colleagues to follow up on vulnerability remediation.
  • Leading the identification of advanced security systems and controls to ensure the
    monitoring and configuring of security appliances.
  • Researches and assesses new threats and security alerts and recommends remedial action.
  • Act as a source of direction, training, and guidance for Huawei’s staff across globally
    distributed business unit

What we expect from you?

  • BA in Computer Science, Information Security or similar relevant field
  • 5+ years of experience in information security.
  • 3+ years of penetration testing / security research / Application Security experience
  • Fundamental application security technologies including: DAST, SAST, MAST, IAST,
    RASP, SCA.
  • Experience conducting infrastructure penetration tests, maintain web application testing
    tools, performing manual testing and source code review using tools, validating test
    results, identifying root cause, analyzing vulnerabilities and helping develop platform
    specific remediation plans.
  • Proficient in multiple programming languages such as Java, C#, PHP, Python, Ruby,
    Golang etc.
  • Proficient in cloud-native technologies such as Kubernetes, Docker etc
  • Preferable certifications: OSCP, OSCE, OSWE
  • The Achievements would be a plus: CTF and Bug Bounty participation, public
    acknowledgments for responsible Vulnerability Disclosure

The company offers excellent compensation (above market rate) for good candidates and the
opportunity to grow with top-talented security experts. Office is in Moscow city center (m. Smolenskaya).

Contacts: @YuliaNovikova