Security Researcher
راهکارهای متن اول آریا
فرصت ارسال رزومه2 روز
حقوق (میلیون تومان)توافقی
حداقل سابقه کار بین 3 تا 7 سال
حداقل مدرک تحصیلیکارشناسی
موقعیت شرکتتهران / تهران
نوع قراردادتمام وقت
وضعیت نظام وظیفهمهم نیست 
جنسیتمهم نیست

شرح موقعیت شغلی

About First Source Arya Solutions
First Source Arya Solutions is a software development company focusing on developing state-of-the-art solutions for the global financial industry. We help our international clients grow their audience with customer-centric products and services.

A career at First Source Arya Solutions is an opportunity to make an impact in a fast-growing organisation that’s at the forefront of FinTech advancements.


About the role
We’re looking for a Security Researcher to join our Security team, which is responsible for protecting the company’s digital assets, from information to infrastructure and more. As a Security Researcher, you will perform penetration testing on our web applications, identify potential security issues, and assist our developers in patching security bugs. You will also manage our bug bounty programme, which includes analysing and validating external security reports.

Responsibilities
● Analyse and optimise processes to handle unexpected situations more efficiently.
● Identify and predict security flaws by putting yourself in the shoes of a potential hacker.
● Stay abreast of the latest security bulletins and findings.
● Actively monitor our software development pipeline to find and raise potential security issues.
● Assist our developers in understanding and patching any bugs that you find.
● Encourage security awareness throughout the organisation via regular communication on security best
practices and the latest online threats.
● Check our systems against the latest attacks, vulnerabilities, and mitigations.
● Identify attack vectors.
● Conduct security reviews of production infrastructure.
● Build security tools and processes for critical infrastructure monitoring, protection, and
mitigation.
● Perform regular penetration testing of our web applications.
● Monitor our automated security scripts and utilise them to identify threats.
● Manage our bug bounty programme.

Minimum requirements
● Experience with web application security and testing, security monitoring, and intrusion
detection
● Experience with fuzzing and finding edge cases in the validation stage
● Knowledge of encryption fundamentals and the OWASP Top 10
● A good understanding of attacks and mitigations such as timing, injection (e.g. form parameter/SQL),
side-channel, DoS, buffer overflows, and DNS cache poisoning
● Ability to assess the security impact of bugs and API inconsistencies
● Familiarity with industry standard tools such as Burp Suite and Metasploit
● Experience in writing custom code and scripts to investigate security threats
● A clear understanding of the OSI model, TCP/IP, and other industry-standard network defense
concepts
● Extensive experience in bug bounty programmes such as HackerOne, Bugcrowd, and Cobalt
● Knowledge of the latest industry trends and best practices in information security

Preferred qualifications
OSCP, CEH, Security+, CISSP, or any GIAC certification

Perks and benefits
● Market-based salary
● Annual performance bonus
● Health benefits
● Flexi hours

Location
Negar Tower, Tehran