Agile Security Specialist (appsec / code heavy)
Curious and eager to learn, people work together at Securify to share their passions: application security, hacking and security research - with enthusiasm.
We are out-of-the-box thinkers and see possibilities for an attack where others would drop out. We never stop learning, and stay cutting-edge by continuously sharing knowledge amongst each other, experimenting with new techniques, and conducting our own security research projects.
From our office in Amsterdam we work collaboratively as a team. This way, we can reinforce each other and find a solution together whenever someone gets stuck on something challenging. This is exactly the power of Securify - when combined, we possess all the necessary knowledge and skill to make the impossible possible - while often surprising our clients with the most (if we may say so ourselves) brilliant findings!
If this sounds appealing to you too, and you see yourself working in a vibrant start-up environment where everyone is working side by side on extremely cool things and creating something big, then we would certainly like to meet you!
The Securify match
There is no catch-all diploma or certification for creative thinkers with a strong hacker mind-set. Our team, therefore, consists of players with different backgrounds: software development, electronics, informatics, graphic design, mathematics, and even psychology. Oftentimes, it’s people who have immersed themselves in (software) security out of their intrinsic drive and passion!
At Securify we are fully focused on application / software security. In our view, this is by far the most important part of cyber security! It encompasses our most personal information, and the totality of most business operations. We even entrust software with our health and lives. It is everywhere, impossible to ignore, and growing at unprecedented speed. It is our mission to help companies build and use software in a responsible and safe way, put an end to the stream of large data leaks and incidents, and create a safer digital future! We need a bunch of passionate heroes for that!
Investigating the security of applications happens from the outside (hacking) but also from the inside - the source code. Here, all details and secrets are awaiting you to really dive into the security core!
Because of this, it is important that you are at least comfortable with reading source code - or even better still - have programmed in the past (as a job or from your own interest or hobby). Some examples of profiles that fit perfectly within our team:
- Security-minded software developers who want to fully specialize in security.
- You have completed your studies in software development or IT and are strongly interested in security / hacking.
- You already work as an ethical hacker but would like to work within our team to get even better.
- Security-minded software testers / IT engineers who are comfortable with reading source code.
In short, if you are an experienced developer or security specialist, or a talent yearning to learn more who wants to fully specialize with us through a paid traineeship, then we would like to meet you!
Your primary activities
You will be involved in performing security assessments (hack tests and code reviews) on mostly web and mobile applications. In many cases we also have access to the source code during our research in order to get a better view of the internal workings of an application and potential security problems. During your research you will work actively with your colleagues and you will regularly contact clients to report on the progress or escalation of critical findings.
Once you are completely up to speed, you will coordinate projects independently from beginning to end. This includes the intake, in which you discuss the wishes and correct approach with the customer and also the findings meeting where you explain and demonstrate your findings.
Research time!
Increasing our knowledge is paramount to staying ahead. Of course, you will gain a lot of new experience from your research, but we also spend a lot of time actively building our knowledge. You will, for example, work on internal (security) research projects, participate in CTFs, work on new tools, attend conferences and (give) internal presentations in which you or your colleagues demonstrate their research or spectacular findings of the week.
To give an impression of our vulnerability research projects - our team has already discovered critical zero-day bugs in products from companies such as Microsoft, Adobe, Apple, Cisco, WD, Oracle, Citrix, Apache, Amazon, Seagate, Viber, Pinterest and Dell. All leaks were reported and dealt with in a responsible manner in cooperation with these organizations. In this way we contribute to the better protection of the millions of application users worldwide.
Have a look here for an overview of all our discoveries. We hope that you will be next on that list as our new employee!
Your work environment
You will come to work in a cosy, informal environment with a team of like-minded colleagues, all of whom are enthusiastically engaged in their passion. The work will be very diverse because our assessments are typically short-term (1 to 4 weeks). You work with many different techniques and organizations, from small to large. One week you might assess a new Internet banking portal, and the next you might be hands-on testing a new app from a smart start-up.
By far the majority of assessments are carried out from our office in Amsterdam. Where that is not technically possible, you may visit clients to carry out (part of) the research at their location.
We’ve taken the "play hard" part a little too far now too. So, go insane at the table tennis table, during a game of foosball (or fuzzing) with colleagues, on one of our consoles, the arcade (soon), with the NERF guns, or with our cuddly mascot Tight-Tiger if you need some inspiration or love.
A regularly occurring treat is our epic dinners with the whole team, and we close the week with a nice drink that we often combine with random talks from colleagues. These talks can be about all kinds of subjects such as security research, the most beautiful hack of the week, new exploits, useful tools, trips to security conferences, but also personal hobbies such as brewing beer (Jan).
Lunch is catered, fruit is available daily in abundance, and on "Pattata Friday" we all go out for fun together.
Job requirements
Required
- Creativity, hacker mind-set.
- Drive and passion for software/application security.
- Experience in software development or at least being comfortable reading code.
- Education level equal to University of Applied Sciences or University level through work or study.
- Proficient verbal and written communication in English.
Preferred
- Professional software development background.
- Experience in performing security testing.
- Experience in performing security code reviews.
- Knowledge about web application security (OWASP).
- Knowledge about mobile security (iOS, Android).
- Research/vulnerability track record (bug bounties, CTFs and so on).
- Being active in the software security community.
What does Securify offer you?
- A proper salary based on your experience (60-75K)
- Extensive possibilities for professional and personal development.
- Comprehensive possibilities to attend training or courses.
- Being able to work from home.
- Flexible working hours.
- Paid-for traineeship (for junior-level).
- Being part of a young and fast-growing company.
- Pension, lunch, and a travel allowance for public transport.
- Working on challenging and innovative projects for leading organizations.
- Possibility to do your own security research.
- A combination of software development and security testing.
- MacBook, reMarkable.
And of course we are more than willing to have a chat with you concerning other items important to you.
Applying
Are you interested in this position? Please contact us.
No recruitment agencies please.