Defiant, Inc.: Web Application Vulnerability Analyst Contractor
Headquarters: Seattle, WA
URL: https://www.defiant.com/
Description
Compensation is an hourly rate of $30 USD.
- Triaging and validating vulnerability reports submitted to our Bug Bounty Program. This includes:
  - Quickly assessing impact to determine the order in which to process incoming submissions.
  - Setting up a test environment to replicate any reported vulnerabilities
  - Finding the source of the vulnerability in the source code, when not provided by the researcher
  - Populating a vulnerability record based on the provided data
  - Determining if a custom firewall rule needs to be developed for the vulnerability.
  - Providing a recommended solution to the developer for common vulnerabilities
  - Proposing a bounty amount based on our internal calculator to reflect the severity and impact of the vulnerability.
  - Working with the customer service team that handles the responsible disclosure.
  - Validating a patch is sufficient when released.
- Adding newly disclosed vulnerabilities from public data sources to our Vulnerability Database. This includes:
  - Fully analyzing the vulnerability to determine impact
  - Identifying where in the code the vulnerability occurs
  - Verifying that the issue is fully patched.
  - Formulating a CVSS score and choosing a CWE.
  - Populating a vulnerability record based on disclosed and newly discovered data.
  - Determining if a custom firewall rule needs to be developed for the vulnerability.
- Certifications, or desire to get certified (OSWE, eWPTx, PenTest+, Security+, eWPT, GWAPT, etc.)
- Experience formulating CVSS scores and identifying CWEs for vulnerability types.
- Ability to process large amounts of technical data consistently and accurately with minimal mistakes.
- Experience performing data entry related tasks where some technical proficiency and additional analysis is required prior to data entry.
- Familiarity with the CVE Program and CVE IDs.
- An understanding of the WordPress threat model
- Experience with writing and/or testing Web Application Firewall rules, or familiarity with functionality of access control lists.
- Experience working with REGEX.
- Experience writing simple scripts to improve workflows and efficiency.
- Excellent communication skills
- Technical experience with common web application based vulnerabilities in WordPress plugins and themes.
- Ability to develop proof of concepts programmatically or conceptually to test the exploitability of vulnerabilities, and the general ability to read/understand programmatic and conceptual proof of concepts.
- Ability to replicate the exploitability of vulnerabilities in a test environment
- Ability to review source code changes to determine if a vulnerability was patched, and what the patch was for.
- Experience generating/modifying HTTP requests.
- Experience working with Burp Suite, or similar proxy software, and a PHP debugger.
- Experience programmatically interacting with REST APIs
- Comfort with diff’ing and searching files using command line tools.
- A solid understanding of WordPress hooks, how they are used, and how they can lead to vulnerabilities.
- A solid understanding of the responsible disclosure process.
- Excellent analytical ability, ability to think outside of the box, and an eagerness to learn.
- Please fill in the form provided in this application. The hiring team will look at this first. The way you answer our form will determine if your application moves to the next step. Please note that we read every answer and this form is a critical part of our hiring process.
- Participate in a series of phone interviews. We are respectful of your time and keep the number of interviews you will need to attend to a minimum. This is usually two or three interviews.
- All contracts and offers of employment are contingent on the successful completion of a background check. The results of the background check are considered as they relate to the position and do not automatically disqualify someone from a contract or employment with the company.
- Join our fast-paced team and start testing our products and helping release software to over 4 million customers! All positions require a trial period of approximately 2-3 weeks with a minimum commitment of 10 hours per week. You will be paid for this short-term contract, and it will be used to evaluate whether both parties want to pursue an ongoing, regular employment relationship.
To apply: https://weworkremotely.com/remote-jobs/defiant-inc-web-application-vulnerability-analyst-contractor
Source ⇲
We Work Remotely: Remote jobs in design, programming, marketing and more