About First Source Arya Solutions
First Source Arya Solutions is a software development company focusing on developing state-of-the-art solutions for the global financial industry. We help our international clients grow their audience with customer-centric products and services.
A career at First Source Arya Solutions is an opportunity to make an impact in a fast-growing organisation that’s at the forefront of FinTech advancements.
About the role
We’re looking for a Security Researcher to join our Security team, which is responsible for protecting the company’s digital assets, from information to infrastructure and more. As a Security Researcher, you will perform penetration testing on our web applications, identify potential security issues, and assist our developers in patching security bugs. You will also manage our bug bounty programme, which includes analysing and validating external security reports.
● Analyse and optimise processes to handle unexpected situations more efficiently.
● Identify and predict security flaws by putting yourself in the shoes of a potential hacker.
● Stay abreast of the latest security bulletins and findings.
● Actively monitor our software development pipeline to find and raise potential security issues.
● Assist our developers in understanding and patching any bugs that you find.
● Encourage security awareness throughout the organisation via regular communication on security best
practices and the latest online threats.
● Check our systems against the latest attacks, vulnerabilities, and mitigations.
● Identify attack vectors.
● Conduct security reviews of production infrastructure.
● Build security tools and processes for critical infrastructure monitoring, protection, and
● Perform regular penetration testing of our web applications.
● Monitor our automated security scripts and utilise them to identify threats.
● Manage our bug bounty programme.
● Experience with web application security and testing, security monitoring, and intrusion
● Experience with fuzzing and finding edge cases in the validation stage
● Knowledge of encryption fundamentals and the OWASP Top 10
● A good understanding of attacks and mitigations such as timing, injection (e.g. form parameter/SQL),
side-channel, DoS, buffer overflows, and DNS cache poisoning
● Ability to assess the security impact of bugs and API inconsistencies
● Familiarity with industry standard tools such as Burp Suite and Metasploit
● Experience in writing custom code and scripts to investigate security threats
● A clear understanding of the OSI model, TCP/IP, and other industry-standard network defense
● Extensive experience in bug bounty programmes such as HackerOne, Bugcrowd, and Cobalt
● Knowledge of the latest industry trends and best practices in information security
OSCP, CEH, Security+, CISSP, or any GIAC certification
Perks and benefits
● Market-based salary
● Annual performance bonus
● Health benefits
● Flexi hours
Negar Tower, Tehran