Defiant, Inc.: Web Application Vulnerability Analyst Contractor

Headquarters: Seattle, WA

URL: https://www.defiant.com/

• Triaging and validating vulnerability reports submitted to our Bug Bounty Program. This includes:
  • Quickly assessing impact to determine the order in processing incoming submissions.
  • Setting up a test environment to replicate any reported vulnerabilities
  • Finding the source of the vulnerability in the source code, when not provided by the researcher 
  • Populating a vulnerability record based on the provided data 
  • Determining if a custom firewall rule needs to be developed for the vulnerability. 
  • Providing a recommended solution to the developer for common vulnerabilities 
  • Proposing a bounty amount based on our internal calculator to reflect the severity and impact of the vulnerability. 
  • Working with the customer service team that handles the responsible disclosure. 
  • Validating a patch is sufficient when released. 

• Adding newly disclosed vulnerabilities from public data sources to our Vulnerability Database. This includes: 
  • Fully analyzing the vulnerability to determine impact 
  • Identifying where in the code the vulnerability occurs 
  • Verifying that the issue is fully patched. 
  • Formulating a CVSS score and choosing a CWE.  
  • Populating a vulnerability record based on disclosed and newly discovered data. 
  • Determining if a custom firewall rule needs to be developed for the vulnerability. 

• Certifications, or desire to get certified (OSWE, eWPTx, PenTest+, Security+, eWPT, GWAPT, etc..) 
• Experience formulating CVSS scores and identifying CWEs for vulnerability types.
• Ability to process large amounts of technical data consistently and accurately with minimal mistakes. 
• Experience performing data entry related tasks where some technical proficiency and additional analysis is required prior to data entry.
• Familiarity with the CVE Program and CVE IDs.
• An understanding of the WordPress threat model 
• Experience with writing and/or testing Web Application Firewall rules, or familiarity with functionality of access control lists. 
• Experience working with REGEX.
• Experience writing simple scripts to improve workflows and efficiency. 
• Excellent communication skills

• Technical experience with common web application based vulnerabilities in WordPress plugins and themes.  
• Ability to develop proof of concepts programmatically or conceptually to test the exploitability of vulnerabilities, and the general ability to read/understand programmatic and conceptual proof of concepts. 
• Ability to replicate the exploitability of vulnerabilities in a test environment  
• Ability to review source code changes to determine if a vulnerability was patched, and what the patch was for. 
• Experience generating/modifying HTTP requests.
• Experience working with BURP suite, or similar proxy software, and a PHP debugger.
• Experience programmatically interacting with REST APIs
• Comfort with diff’ing and searching files using command line tools.
• A solid understanding of WordPress hooks, how they are used, and how they can lead to vulnerabilities.
• A solid understanding of the responsible disclosure process. 
• Excellent analytical ability, ability to think outside of the box, and an eagerness to learn.  

1. Please fill in the form provided in this application. The hiring team will look at this first. The way you answer our form will determine if your application moves to the next step. Please note that we read every answer and this form is a critical part of our hiring process.
2. Participate in a series of phone interviews. We are respectful of your time and keep the number of interviews you will need to attend to a minimum. This is usually two or three interviews.
3. All contracts and offers of employment are contingent on the successful completion of a background check. The results of the background check are considered as they relate to the position and do not automatically disqualify someone from a contract or employment with the company.
4. Join our fast-paced team and start testing our products and and helping release software to over 4 million customers! All positions require a trial period of approximately 2-3 weeks with a minimum commitment of 10 hours per week. You will be paid for this short-term contract, and it will be used to evaluate whether both parties want to pursue an ongoing, regular employment relationship.

To apply: https://weworkremotely.com/remote-jobs/defiant-inc-web-application-vulnerability-analyst-contractor

Source ⇲
We Work Remotely: Remote jobs in design, programming, marketing and more